Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-21 | CVE-2014-5255 | Race Condition vulnerability in multiple products: xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. | 4.4 |
2019-11-21 | CVE-2019-18890 | SQL Injection vulnerability in multiple products: A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | 4.0 |
2019-11-21 | CVE-2019-5087 | Integer Overflow or Wraparound vulnerability in multiple products: An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. | 6.8 |
2019-11-21 | CVE-2019-5086 | Integer Overflow or Wraparound vulnerability in multiple products: An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. | 6.8 |
2019-11-21 | CVE-2014-1936 | Improper Input Validation vulnerability in multiple products: rc before 1.7.1-5 insecurely creates temporary files. | 5.0 |
2019-11-21 | CVE-2014-1935 | Improper Input Validation vulnerability in multiple products: 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | 5.0 |
2019-11-21 | CVE-2012-3543 | Improper Input Validation vulnerability in multiple products: mono 2.10.x ASP.NET Web Form Hash collision DoS | 5.0 |
2019-11-21 | CVE-2012-2350 | Improper Input Validation vulnerability in multiple products: pam_shield before 0.9.4: Default configuration does not perform protective action | 5.0 |
2019-11-21 | CVE-2019-19039 | Information Exposure Through Log Files vulnerability in multiple products: __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. | 5.5 |
2019-11-20 | CVE-2015-3167 | Information Exposure vulnerability in multiple products: contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | 5.0 |