Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-6095 | Information Exposure vulnerability in multiple products Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. | 6.5 |
| 2018-12-04 | CVE-2018-6089 | Improper Input Validation vulnerability in multiple products A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 6.5 |
| 2018-12-04 | CVE-2018-19841 | Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | 5.5 |
| 2018-12-02 | CVE-2018-19787 | Cross-site Scripting vulnerability in multiple products An issue was discovered in lxml before 4.2.5. | 6.1 |
| 2018-11-30 | CVE-2018-19777 | Infinite Loop vulnerability in multiple products In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | 5.5 |
| 2018-11-30 | CVE-2018-19758 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | 6.5 |
| 2018-11-29 | CVE-2018-19497 | Out-of-bounds Read vulnerability in multiple products In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | 6.5 |
| 2018-11-29 | CVE-2018-19661 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in libsndfile 1.0.28. | 6.5 |
| 2018-11-29 | CVE-2018-19626 | Use of Uninitialized Resource vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. | 5.5 |
| 2018-11-29 | CVE-2018-19625 | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. | 5.5 |