Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-16 CVE-2020-7106 Cross-site Scripting vulnerability in multiple products
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
network
low complexity
cacti debian opensuse suse fedoraproject CWE-79
6.1
6.1
2020-01-16 CVE-2020-7045 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash.
low complexity
wireshark debian CWE-476
6.5
6.5
2020-01-15 CVE-2019-15961 Resource Exhaustion vulnerability in multiple products
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco debian canonical CWE-400
6.5
6.5
2020-01-15 CVE-2020-2659 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). 4.3
4.3
2020-01-15 CVE-2020-2655 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
network
oracle debian redhat
5.8
5.8
2020-01-15 CVE-2020-2654 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). 4.3
4.3
2020-01-15 CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 4.3
4.3
2020-01-15 CVE-2020-2593 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). 5.8
5.8
2020-01-15 CVE-2020-2590 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 4.3
4.3
2020-01-15 CVE-2020-2583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). 4.3
4.3