Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-07 | CVE-2017-15391 | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | 6.5 |
| 2018-02-07 | CVE-2017-15390 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2018-02-07 | CVE-2017-15389 | Improper Input Validation vulnerability in multiple products An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-02-07 | CVE-2017-15388 | Out-of-bounds Read vulnerability in multiple products Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2018-02-07 | CVE-2017-15387 | Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | 8.8 |
| 2018-02-07 | CVE-2017-15386 | Improper Input Validation vulnerability in multiple products Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-02-07 | CVE-2018-6574 | Code Injection vulnerability in multiple products Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | 7.8 |
| 2018-02-07 | CVE-2018-6799 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | 8.8 |
| 2018-02-07 | CVE-2018-6794 | Protection Mechanism Failure vulnerability in multiple products Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. | 5.0 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | 7.2 |