Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 5.9 |
| 2019-11-01 | CVE-2005-2351 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | 5.5 |
| 2019-11-01 | CVE-2013-3718 | Improper Input Validation vulnerability in multiple products evince is missing a check on number of pages which can lead to a segmentation fault | 5.5 |
| 2019-10-31 | CVE-2012-6123 | Improper Input Validation vulnerability in multiple products Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | 6.5 |
| 2019-10-31 | CVE-2013-1951 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | 6.1 |
| 2019-10-31 | CVE-2013-1934 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | 5.4 |
| 2019-10-31 | CVE-2010-2490 | Improper Input Validation vulnerability in multiple products Mumble: murmur-server has DoS due to malformed client query | 6.5 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-30 | CVE-2010-0749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | 5.3 |