Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | 6.5 |
| 2019-12-16 | CVE-2019-16779 | Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. | 5.9 |
| 2019-12-16 | CVE-2019-19783 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. | 6.5 |
| 2019-12-15 | CVE-2014-8561 | Infinite Loop vulnerability in multiple products imagemagick 6.8.9.6 has remote DOS via infinite loop | 6.5 |
| 2019-12-15 | CVE-2014-4913 | Cross-site Scripting vulnerability in multiple products ZF2014-03 has a potential cross site scripting vector in multiple view helpers | 6.1 |
| 2019-12-15 | CVE-2019-19797 | Out-of-bounds Write vulnerability in multiple products read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | 5.5 |
| 2019-12-13 | CVE-2014-2387 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | 4.4 |
| 2019-12-12 | CVE-2018-11805 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. | 6.7 |
| 2019-12-11 | CVE-2013-7371 | Cross-site Scripting vulnerability in multiple products node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | 6.1 |
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 6.1 |