Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-26 | CVE-2018-15518 | Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | 6.8 |
| 2018-12-26 | CVE-2018-20481 | NULL Pointer Dereference vulnerability in multiple products XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | 4.3 |
| 2018-12-26 | CVE-2018-20467 | Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. | 4.3 |
| 2018-12-24 | CVE-2018-20431 | NULL Pointer Dereference vulnerability in multiple products GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | 4.3 |
| 2018-12-24 | CVE-2018-20430 | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | 4.3 |
| 2018-12-22 | CVE-2018-20360 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 4.3 |
| 2018-12-19 | CVE-2018-6307 | Use After Free vulnerability in multiple products LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | 6.8 |
| 2018-12-19 | CVE-2018-20024 | NULL Pointer Dereference vulnerability in multiple products LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | 5.0 |
| 2018-12-19 | CVE-2018-20023 | Improper Initialization vulnerability in multiple products LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. | 5.0 |
| 2018-12-19 | CVE-2018-20022 | Improper Initialization vulnerability in multiple products LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. | 5.0 |