Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-8787 Integer Overflow or Wraparound vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian redhat CWE-190
critical
 9.8
9.8
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8
2018-11-21 CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26.
network
low complexity
artifex debian canonical redhat
critical
 9.8
9.8
2018-11-16 CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
network
low complexity
ruby-lang canonical debian redhat
critical
 9.8
9.8
2018-11-14 CVE-2018-17472 Improper Input Validation vulnerability in multiple products
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
critical
 9.6
9.6
2018-11-14 CVE-2018-17462 Use After Free vulnerability in multiple products
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
critical
 9.6
9.6
2018-11-12 CVE-2018-19199 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-190
critical
 9.8
9.8
2018-11-12 CVE-2018-19198 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-787
critical
 9.8
9.8
2018-11-08 CVE-2018-19115 Out-of-bounds Write vulnerability in multiple products
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
network
low complexity
keepalived debian redhat CWE-787
critical
 9.8
9.8
2018-10-31 CVE-2018-16842 Out-of-bounds Read vulnerability in multiple products
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
network
low complexity
haxx canonical debian CWE-125
critical
 9.1
9.1