Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-29 | CVE-2019-7149 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. | 4.3 |
| 2019-01-26 | CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. | 4.3 |
| 2019-01-25 | CVE-2019-3819 | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. | 4.9 |
| 2019-01-25 | CVE-2019-6956 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 5.8 |
| 2019-01-25 | CVE-2018-20743 | Improper Input Validation vulnerability in multiple products murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | 5.0 |
| 2019-01-25 | CVE-2017-18359 | Improper Input Validation vulnerability in multiple products PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | 5.0 |
| 2019-01-22 | CVE-2017-6922 | Files or Directories Accessible to External Parties vulnerability in multiple products In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. | 6.5 |
| 2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 5.0 |
| 2019-01-16 | CVE-2018-5733 | Integer Overflow or Wraparound vulnerability in multiple products A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. | 5.0 |
| 2019-01-16 | CVE-2017-3144 | Resource Exhaustion vulnerability in multiple products A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. | 5.0 |