Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-23 CVE-2019-16713 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
network
low complexity
imagemagick canonical opensuse debian CWE-401
6.5
6.5
2019-09-23 CVE-2019-16711 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
network
low complexity
imagemagick debian opensuse canonical CWE-401
6.5
6.5
2019-09-23 CVE-2019-16710 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
network
low complexity
imagemagick debian opensuse canonical CWE-401
6.5
6.5
2019-09-23 CVE-2019-16708 Memory Leak vulnerability in multiple products
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
network
low complexity
imagemagick canonical opensuse debian CWE-401
6.5
6.5
2019-09-21 CVE-2019-16680 Path Traversal vulnerability in multiple products
An issue was discovered in GNOME file-roller before 3.29.91.
network
low complexity
gnome redhat debian canonical CWE-22
4.3
4.3
2019-09-19 CVE-2019-11779 Uncontrolled Recursion vulnerability in multiple products
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. 		6.5
6.5
2019-09-17 CVE-2019-16394 Information Exposure Through Discrepancy vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
network
low complexity
spip debian canonical CWE-203
5.3
5.3
2019-09-17 CVE-2019-16393 Open Redirect vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
network
low complexity
spip debian canonical CWE-601
6.1
6.1
2019-09-17 CVE-2019-16392 Cross-site Scripting vulnerability in multiple products
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
network
low complexity
spip debian canonical CWE-79
6.1
6.1
2019-09-17 CVE-2019-16391 SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database.
network
low complexity
spip debian canonical
6.5
6.5