Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-1000878 | Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. | 8.8 |
| 2018-12-20 | CVE-2018-1000877 | Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. | 8.8 |
| 2018-12-19 | CVE-2018-6307 | Use After Free vulnerability in multiple products LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | 8.1 |
| 2018-12-19 | CVE-2018-20024 | NULL Pointer Dereference vulnerability in multiple products LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | 7.5 |
| 2018-12-19 | CVE-2018-20023 | Improper Initialization vulnerability in multiple products LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. | 7.5 |
| 2018-12-19 | CVE-2018-20022 | Improper Initialization vulnerability in multiple products LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. | 7.5 |
| 2018-12-19 | CVE-2018-20021 | Infinite Loop vulnerability in multiple products LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. | 7.5 |
| 2018-12-18 | CVE-2018-16884 | A flaw was found in the Linux kernel's NFS41+ subsystem. | 8.0 |
| 2018-12-18 | CVE-2018-20196 | Out-of-bounds Write vulnerability in multiple products There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 7.8 |
| 2018-12-14 | CVE-2018-20151 | Information Exposure vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. | 7.5 |