Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-12386 | Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. | 5.8 |
| 2018-10-18 | CVE-2018-12385 | Improper Input Validation vulnerability in multiple products A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. | 4.4 |
| 2018-10-18 | CVE-2018-12379 | Out-of-bounds Write vulnerability in multiple products When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. | 4.6 |
| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
| 2018-10-18 | CVE-2018-12373 | Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 4.3 |
| 2018-10-18 | CVE-2018-12372 | Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 4.3 |
| 2018-10-18 | CVE-2018-12367 | Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. | 4.3 |
| 2018-10-18 | CVE-2018-12366 | Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. | 4.3 |
| 2018-10-18 | CVE-2018-12365 | Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. | 4.3 |
| 2018-10-18 | CVE-2018-12364 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. | 6.8 |