Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-16 | CVE-2018-10124 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | 5.5 |
| 2018-04-16 | CVE-2018-10102 | Cross-site Scripting vulnerability in multiple products Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | 6.1 |
| 2018-04-16 | CVE-2018-10101 | Open Redirect vulnerability in multiple products Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | 6.1 |
| 2018-04-16 | CVE-2018-10100 | Open Redirect vulnerability in multiple products Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | 6.1 |
| 2018-04-13 | CVE-2017-0370 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. | 5.3 |
| 2018-04-13 | CVE-2017-0369 | Incorrect Default Permissions vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | 6.5 |
| 2018-04-13 | CVE-2017-0368 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | 5.3 |
| 2018-04-13 | CVE-2017-0366 | Improper Input Validation vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. | 5.4 |
| 2018-04-13 | CVE-2017-0365 | Cross-site Scripting vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | 4.7 |
| 2018-04-13 | CVE-2017-0364 | Open Redirect vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | 6.1 |