Vulnerabilities > Debian > Debian Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2018-10-07 CVE-2018-18021 Improper Input Validation vulnerability in Linux Kernel
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl.
local
low complexity
linux debian canonical CWE-20
3.6
2018-10-01 CVE-2015-9267 Improper Privilege Management vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files.
local
low complexity
nullsoft debian CWE-269
3.6
2018-09-25 CVE-2018-6053 Information Exposure vulnerability in multiple products
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
local
low complexity
google redhat debian CWE-200
3.3
2018-09-07 CVE-2018-16658 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 4.18.6.
local
low complexity
linux canonical debian CWE-200
3.6
2018-08-20 CVE-2018-15594 Information Exposure vulnerability in multiple products
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
local
low complexity
debian canonical linux CWE-200
2.1
2018-08-20 CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
local
low complexity
debian canonical linux
2.1
2018-08-08 CVE-2018-14526 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6.
low complexity
canonical debian w1-fi CWE-924
3.3
2018-08-07 CVE-2018-5953 Information Exposure vulnerability in multiple products
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
local
low complexity
linux debian CWE-200
2.1
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
3.5
2018-07-28 CVE-2018-0498 ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
local
arm debian
1.9