Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9903 Out-of-bounds Write vulnerability in multiple products
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
6.5
2019-03-21 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 5.5
2019-03-21 CVE-2019-6454 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in sd-bus in systemd 239.
5.5
2019-03-21 CVE-2019-3832 Out-of-bounds Read vulnerability in multiple products
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c.
5.5
2019-03-21 CVE-2018-20340 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow.
local
low complexity
yubico debian CWE-119
4.6
2019-03-15 CVE-2018-20178 Out-of-bounds Read vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).
network
low complexity
rdesktop debian CWE-125
5.0
2019-03-15 CVE-2018-20175 Out-of-bounds Read vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
network
low complexity
rdesktop debian CWE-125
5.0
2019-03-13 CVE-2018-17937 Stack-based Buffer Overflow vulnerability in multiple products
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
5.8
2019-03-13 CVE-2019-9741 CRLF Injection vulnerability in multiple products
An issue was discovered in net/http in Go 1.11.5.
network
low complexity
golang debian fedoraproject redhat CWE-93
6.1
2019-03-13 CVE-2019-9735 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat debian CWE-755
4.0