Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-13099 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. | 5.5 |
| 2018-07-03 | CVE-2018-13096 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. | 5.5 |
| 2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 4.3 |
| 2018-07-02 | CVE-2018-12892 | Information Exposure vulnerability in multiple products An issue was discovered in Xen 4.7 through 4.10.x. | 6.5 |
| 2018-07-02 | CVE-2018-12891 | An issue was discovered in Xen through 4.10.x. | 4.9 |
| 2018-07-02 | CVE-2018-13054 | Link Following vulnerability in multiple products An issue was discovered in Cinnamon 1.9.2 through 3.8.6. | 5.8 |
| 2018-06-29 | CVE-2018-10860 | Path Traversal vulnerability in multiple products perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. | 6.4 |
| 2018-06-26 | CVE-2018-12895 | Path Traversal vulnerability in multiple products WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. | 6.5 |
| 2018-06-26 | CVE-2018-3760 | Information Exposure vulnerability in multiple products There is an information leak vulnerability in Sprockets. | 5.0 |
| 2018-06-26 | CVE-2018-1000528 | Cross-site Scripting vulnerability in multiple products GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. | 4.3 |