Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2013-1934 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 5.4 |
| 2019-10-31 | CVE-2010-2490 | Improper Input Validation vulnerability in multiple products Mumble: murmur-server has DoS due to malformed client query | 6.5 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-30 | CVE-2010-0749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | 5.3 |
| 2019-10-29 | CVE-2019-18603 | Use of Uninitialized Resource vulnerability in multiple products OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. | 5.9 |
| 2019-10-29 | CVE-2010-3373 | Improper Input Validation vulnerability in multiple products paxtest handles temporary files insecurely | 5.5 |
| 2019-10-23 | CVE-2019-18281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. | 4.3 |
| 2019-10-22 | CVE-2019-15587 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2019-10-17 | CVE-2019-17674 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | 5.4 |