Vulnerabilities > Debian > Debian Linux > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-14 | CVE-2018-20153 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | 3.5 |
| 2018-11-26 | CVE-2018-16862 | Information Exposure vulnerability in Linux Kernel A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). | 2.1 |
| 2018-11-11 | CVE-2018-19141 | Cross-site Scripting vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | 3.5 |
| 2018-10-30 | CVE-2018-16468 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 3.5 |
| 2018-10-29 | CVE-2018-18710 | Information Exposure vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.19. | 2.1 |
| 2018-10-23 | CVE-2018-16837 | Missing Encryption of Sensitive Data vulnerability in multiple products Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. | 2.1 |
| 2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 2.1 |
| 2018-10-17 | CVE-2018-3136 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 2.6 |
| 2018-10-17 | CVE-2018-3139 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). | 2.6 |
| 2018-10-10 | CVE-2018-16738 | Improper Authentication vulnerability in multiple products tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. | 3.7 |