Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-08 | CVE-2017-11107 | Cross-site Scripting vulnerability in multiple products phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. | 6.1 |
| 2017-07-08 | CVE-2017-11104 | Improper Input Validation vulnerability in multiple products Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | 5.9 |
| 2017-06-28 | CVE-2017-9989 | NULL Pointer Dereference vulnerability in multiple products util/outputtxt.c in libming 0.4.8 mishandles memory allocation. | 6.5 |
| 2017-06-28 | CVE-2017-9988 | NULL Pointer Dereference vulnerability in multiple products The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. | 6.5 |
| 2017-06-26 | CVE-2017-9936 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. | 6.5 |
| 2017-06-26 | CVE-2017-9929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
| 2017-06-26 | CVE-2017-9928 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. | 5.5 |
| 2017-06-25 | CVE-2017-9868 | Information Exposure vulnerability in multiple products In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | 5.5 |
| 2017-06-25 | CVE-2017-9865 | Out-of-bounds Read vulnerability in multiple products The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | 5.5 |
| 2017-06-22 | CVE-2017-9775 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | 6.5 |