Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-04 | CVE-2018-0504 | Information Exposure Through Log Files vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | 4.0 |
| 2018-10-04 | CVE-2018-0503 | Improper Privilege Management vulnerability in multiple products Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | 4.0 |
| 2018-10-04 | CVE-2018-11784 | Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. | 4.3 |
| 2018-10-03 | CVE-2018-17972 | Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. | 5.5 |
| 2018-09-28 | CVE-2018-17581 | Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | 6.5 |
| 2018-09-28 | CVE-2018-16587 | Improper Input Validation vulnerability in multiple products In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. | 5.8 |
| 2018-09-28 | CVE-2018-16586 | In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. | 4.3 |
| 2018-09-25 | CVE-2018-6052 | Information Exposure vulnerability in multiple products Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | 4.3 |
| 2018-09-25 | CVE-2018-6051 | Cross-site Scripting vulnerability in multiple products XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | 4.3 |
| 2018-09-25 | CVE-2018-6050 | Improper Input Validation vulnerability in multiple products Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |