Vulnerabilities > Debian > Debian Linux > 10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-19 | CVE-2018-5786 | Infinite Loop vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). | 5.5 |
| 2017-12-31 | CVE-2017-18005 | NULL Pointer Dereference vulnerability in multiple products Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | 5.5 |
| 2017-12-14 | CVE-2017-17527 | Injection vulnerability in multiple products delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17515 | Injection vulnerability in multiple products etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17514 | Injection vulnerability in multiple products boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-13 | CVE-2017-17669 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. | 5.5 |
| 2017-11-20 | CVE-2017-2896 | Out-of-bounds Write vulnerability in multiple products An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. | 6.8 |
| 2017-10-27 | CVE-2017-5121 | Improper Input Validation vulnerability in multiple products Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | 8.8 |
| 2017-10-27 | CVE-2017-5120 | Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5118 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |