Vulnerabilities > Debian > Low

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
2.1
2.1
2018-10-17 CVE-2018-3139 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle redhat debian canonical hp
2.6
2.6
2018-10-17 CVE-2018-3136 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle redhat debian canonical hp
2.6
2.6
2018-10-10 CVE-2018-16738 Improper Authentication vulnerability in multiple products
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation.
network
high complexity
tinc-vpn debian starwindsoftware CWE-287
3.7
3.7
2018-10-07 CVE-2018-18021 Improper Input Validation vulnerability in Linux Kernel
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl.
local
low complexity
linux debian canonical CWE-20
3.6
3.6
2018-10-01 CVE-2015-9267 Improper Privilege Management vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files.
local
low complexity
nullsoft debian CWE-269
3.6
3.6
2018-09-25 CVE-2018-6053 Information Exposure vulnerability in multiple products
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
local
low complexity
google redhat debian CWE-200
3.3
3.3
2018-09-07 CVE-2018-16658 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 4.18.6.
local
low complexity
linux canonical debian CWE-200
3.6
3.6
2018-08-20 CVE-2018-15594 Information Exposure vulnerability in multiple products
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
local
low complexity
debian canonical linux CWE-200
2.1
2.1
2018-08-20 CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
local
low complexity
debian canonical linux
2.1
2.1