Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-12 | CVE-2019-18345 | Cross-site Scripting vulnerability in multiple products A reflected XSS issue was discovered in DAViCal through 1.1.8. | 9.3 |
| 2019-12-12 | CVE-2019-17358 | Deserialization of Untrusted Data vulnerability in multiple products Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. | 5.5 |
| 2019-12-11 | CVE-2019-19725 | Double Free vulnerability in multiple products sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | 9.8 |
| 2019-12-11 | CVE-2019-19583 | An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. | 7.5 |
| 2019-12-11 | CVE-2013-7371 | Cross-site Scripting vulnerability in multiple products node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 4.3 |
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |
| 2019-12-11 | CVE-2013-4245 | Improper Input Validation vulnerability in multiple products Orca has arbitrary code execution due to insecure Python module load | 4.4 |
| 2019-12-11 | CVE-2013-4158 | Cross-site Scripting vulnerability in multiple products smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | 4.3 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
| 2019-12-11 | CVE-2019-5815 | Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | 7.5 |