Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-30 | CVE-2016-9119 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-01-30 | CVE-2016-7798 | Inadequate Encryption Strength vulnerability in multiple products The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | 5.0 |
2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.0 |
2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 4.3 |
2017-01-30 | CVE-2017-5612 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | 4.3 |
2017-01-30 | CVE-2017-5610 | Information Exposure vulnerability in Wordpress wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | 5.0 |
2017-01-27 | CVE-2017-3318 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). | 4.0 |
2017-01-27 | CVE-2017-3317 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). | 4.0 |
2017-01-27 | CVE-2017-3313 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). | 4.7 |
2017-01-27 | CVE-2017-3265 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). | 4.9 |