Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-17472 Improper Input Validation vulnerability in multiple products
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
critical
 9.6
9.6
2018-11-14 CVE-2018-17462 Use After Free vulnerability in multiple products
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
critical
 9.6
9.6
2018-10-31 CVE-2018-16839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
network
low complexity
haxx debian canonical CWE-119
critical
 9.8
9.8
2018-10-01 CVE-2015-9268 Improper Input Validation vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll.
network
nullsoft debian CWE-20
critical
 9.3
9.3
2018-09-21 CVE-2018-17141 Out-of-bounds Write vulnerability in multiple products
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
network
low complexity
debian hylafax CWE-787
critical
 9.8
9.8
2018-09-18 CVE-2018-1000802 Command Injection vulnerability in multiple products
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive.
network
low complexity
python debian canonical opensuse CWE-77
critical
 9.8
9.8
2018-09-17 CVE-2018-11780 Code Injection vulnerability in multiple products
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
network
low complexity
apache pdfinfo-project debian canonical CWE-94
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 10.0
10
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
 9.8
9.8
2018-08-28 CVE-2017-15398 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google redhat debian CWE-119
critical
 9.8
9.8