Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-19 | CVE-2018-20023 | Improper Initialization vulnerability in multiple products LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. | 7.5 |
| 2018-12-19 | CVE-2018-20022 | Improper Initialization vulnerability in multiple products LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. | 7.5 |
| 2018-12-19 | CVE-2018-20021 | Infinite Loop vulnerability in multiple products LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. | 7.5 |
| 2018-12-18 | CVE-2018-16884 | A flaw was found in the Linux kernel's NFS41+ subsystem. | 8.0 |
| 2018-12-18 | CVE-2018-20196 | Out-of-bounds Write vulnerability in multiple products There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 7.8 |
| 2018-12-14 | CVE-2018-20151 | Information Exposure vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. | 7.5 |
| 2018-12-14 | CVE-2018-16874 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). | 8.1 |
| 2018-12-14 | CVE-2018-16873 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. | 8.1 |
| 2018-12-11 | CVE-2018-18359 | Out-of-bounds Read vulnerability in multiple products Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-18356 | Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |