Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-11281 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input.
4.8
2019-10-15 CVE-2017-1002201 Cross-site Scripting vulnerability in multiple products
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly.
network
low complexity
haml debian CWE-79
6.1
2019-10-09 CVE-2019-17402 Classic Buffer Overflow vulnerability in multiple products
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
network
low complexity
exiv2 debian canonical CWE-120
6.5
2019-10-08 CVE-2019-17349 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
local
low complexity
xen debian CWE-835
5.5
2019-10-08 CVE-2019-17348 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
local
low complexity
xen debian CWE-20
6.5
2019-10-08 CVE-2019-17345 An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
local
low complexity
xen debian
6.5
2019-10-08 CVE-2019-17344 Improper Synchronization vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
local
low complexity
xen debian CWE-662
6.5
2019-10-08 CVE-2019-17343 Improper Locking vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
low complexity
xen debian CWE-667
6.8
2019-10-08 CVE-2019-17350 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
local
low complexity
xen debian CWE-835
5.5
2019-10-03 CVE-2019-15165 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
5.3