Debian: >> Debian Linux Security Vulnerabilities
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.023
Published
2019-07-10
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
7.5
EPSS Score
0.02
Published
2019-07-10
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
5.3
EPSS Score
0.013
Published
2019-07-10
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVSS Score
9.8
EPSS Score
0.034
Published
2019-07-10
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
CVSS Score
9.8
EPSS Score
0.04
Published
2019-07-10
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVSS Score
6.5
EPSS Score
0.044
Published
2019-07-09
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
CVSS Score
4.6
EPSS Score
0.008
Published
2019-07-08
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
CVSS Score
6.1
EPSS Score
0.745
Published
2019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVSS Score
8.8
EPSS Score
0.032
Published
2019-07-05