Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-11042 In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info.
network
high complexity
freerdp debian canonical
5.9
2020-05-06 CVE-2020-12108 Injection vulnerability in multiple products
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
network
low complexity
gnu debian fedoraproject opensuse canonical CWE-74
6.5
2020-05-04 CVE-2020-10933 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
network
low complexity
ruby-lang fedoraproject debian CWE-908
5.3
2020-05-04 CVE-2020-12626 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian CWE-352
6.5
2020-05-04 CVE-2020-12625 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.4.4.
network
low complexity
roundcube debian opensuse CWE-79
6.1
2020-04-30 CVE-2020-11030 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor.
network
low complexity
wordpress debian CWE-79
5.4
2020-04-30 CVE-2020-11029 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks.
network
low complexity
debian wordpress CWE-79
6.1
2020-04-30 CVE-2020-11026 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file.
network
low complexity
wordpress debian CWE-79
5.4
2020-04-30 CVE-2020-11025 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed.
network
low complexity
wordpress debian CWE-79
5.4
2020-04-30 CVE-2020-11652 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
6.5