Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x has open redirection
network
low complexity
drupal debian CWE-601
6.1
2019-11-06 CVE-2011-4900 Information Exposure vulnerability in multiple products
TYPO3 before 4.5.4 allows Information Disclosure in the backend.
network
low complexity
typo3 debian CWE-200
6.5
2019-11-05 CVE-2019-5068 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2.
local
low complexity
mesa3d opensuse debian canonical CWE-732
4.4
2019-11-05 CVE-2013-5123 Improper Authentication vulnerability in multiple products
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
network
high complexity
pypa virtualenv fedoraproject redhat debian CWE-287
5.9
2019-11-05 CVE-2010-3674 Cross-site Scripting vulnerability in multiple products
TYPO3 before 4.4.1 allows XSS in the frontend search box.
network
low complexity
typo3 debian CWE-79
6.1
2019-11-05 CVE-2013-6275 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
network
low complexity
horde debian CWE-352
6.5
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6365 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
network
high complexity
horde opensuse debian CWE-352
5.3
2019-11-01 CVE-2013-4168 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
network
low complexity
smokeping debian fedoraproject CWE-79
6.1