Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2019-14466 Deserialization of Untrusted Data vulnerability in multiple products
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
network
low complexity
gosa-project debian CWE-502
6.5
6.5
2019-12-31 CVE-2019-20171 Memory Leak vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-401
5.5
5.5
2019-12-31 CVE-2019-20170 Release of Invalid Pointer or Reference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-763
5.5
5.5
2019-12-31 CVE-2019-20165 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-476
5.5
5.5
2019-12-31 CVE-2019-20163 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-476
5.5
5.5
2019-12-31 CVE-2019-20162 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-787
5.5
5.5
2019-12-31 CVE-2019-20161 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-787
5.5
5.5
2019-12-30 CVE-2012-5476 Information Exposure vulnerability in multiple products
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
local
low complexity
openstack debian CWE-200
5.5
5.5
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. 		5.5
5.5
2019-12-30 CVE-2019-20096 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
local
low complexity
linux debian canonical CWE-401
5.5
5.5