Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. 		5.0
5.0
2019-12-31 CVE-2019-14466 Deserialization of Untrusted Data vulnerability in multiple products
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
network
low complexity
gosa-project debian CWE-502
5.5
5.5
2019-12-31 CVE-2019-20171 Memory Leak vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
network
gpac debian CWE-401
4.3
4.3
2019-12-31 CVE-2019-20170 Release of Invalid Pointer or Reference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-763
5.5
5.5
2019-12-31 CVE-2019-20165 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-476
5.5
5.5
2019-12-31 CVE-2019-20163 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-476
5.5
5.5
2019-12-31 CVE-2019-20162 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-787
5.5
5.5
2019-12-31 CVE-2019-20161 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109.
local
low complexity
gpac debian CWE-787
5.5
5.5
2019-12-30 CVE-2013-2016 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. 		6.9
6.9
2019-12-30 CVE-2019-20096 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
local
low complexity
linux debian canonical CWE-401
5.5
5.5