Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-04-29 CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-04-28 CVE-2020-1774 When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys.
network
low complexity
otrs debian
4.9
2020-04-24 CVE-2020-12137 Cross-site Scripting vulnerability in multiple products
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.
network
low complexity
gnu debian fedoraproject canonical opensuse CWE-79
6.1
2020-04-23 CVE-2020-1760 Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.
6.1
2020-04-22 CVE-2020-1983 Use After Free vulnerability in multiple products
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
6.5
2020-04-15 CVE-2019-12521 Off-by-one Error vulnerability in multiple products
An issue was discovered in Squid through 4.7.
network
high complexity
squid-cache canonical debian opensuse CWE-193
5.9
2020-04-15 CVE-2020-2934 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
high complexity
oracle fedoraproject debian
5.0
2020-04-15 CVE-2020-2875 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
high complexity
oracle fedoraproject debian
4.7
2020-04-15 CVE-2020-2830 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 5.3