Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-24 CVE-2019-5094 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3.
6.7
2019-09-24 CVE-2019-16728 Cross-site Scripting vulnerability in multiple products
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
network
low complexity
cure53 debian CWE-79
6.1
2019-09-23 CVE-2019-16713 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
network
low complexity
imagemagick canonical opensuse debian CWE-401
6.5
2019-09-23 CVE-2019-16711 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
network
low complexity
imagemagick debian opensuse canonical CWE-401
6.5
2019-09-23 CVE-2019-16710 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
network
low complexity
imagemagick debian opensuse canonical CWE-401
6.5
2019-09-23 CVE-2019-16708 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
network
low complexity
imagemagick canonical opensuse debian CWE-401
6.5
2019-09-21 CVE-2019-16680 Path Traversal vulnerability in multiple products
An issue was discovered in GNOME file-roller before 3.29.91.
network
low complexity
gnome redhat debian canonical CWE-22
4.3
2019-09-19 CVE-2019-11779 Uncontrolled Recursion vulnerability in multiple products
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e.
6.5
2019-09-17 CVE-2019-16394 Information Exposure Through Discrepancy vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
network
low complexity
spip debian canonical CWE-203
5.3
2019-09-17 CVE-2019-16393 Open Redirect vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
network
low complexity
spip debian canonical CWE-601
6.1