Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-12 CVE-2019-9718 Out-of-bounds Read vulnerability in multiple products
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
network
low complexity
ffmpeg debian canonical CWE-125
6.5
6.5
2019-03-12 CVE-2019-9705 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
local
low complexity
cron-project debian fedoraproject CWE-770
5.5
5.5
2019-03-12 CVE-2019-9704 Unchecked Return Value vulnerability in multiple products
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
local
low complexity
cron-project fedoraproject debian CWE-252
5.5
5.5
2019-03-11 CVE-2019-9658 XXE vulnerability in multiple products
Checkstyle before 8.18 loads external DTDs by default.
network
low complexity
checkstyle debian fedoraproject CWE-611
5.3
5.3
2019-03-09 CVE-2019-9640 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php canonical debian opensuse netapp redhat CWE-125
5.0
5.0
2019-03-09 CVE-2019-9639 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-909
5.0
5.0
2019-03-09 CVE-2019-9638 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-125
5.0
5.0
2019-03-09 CVE-2019-9637 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-264
5.0
5.0
2019-03-07 CVE-2019-7175 Memory Leak vulnerability in multiple products
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
network
low complexity
imagemagick opensuse debian canonical CWE-401
5.0
5.0
2019-03-07 CVE-2018-14498 Out-of-bounds Read vulnerability in multiple products
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. 		6.5
6.5