Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-8980 | Memory Leak vulnerability in multiple products A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. | 7.5 |
| 2019-02-20 | CVE-2018-5819 | Resource Exhaustion vulnerability in multiple products An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | 7.5 |
| 2019-02-20 | CVE-2018-5818 | Infinite Loop vulnerability in multiple products An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. | 7.5 |
| 2019-02-20 | CVE-2018-5817 | Incorrect Type Conversion or Cast vulnerability in multiple products A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | 7.5 |
| 2019-02-20 | CVE-2019-8942 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. | 8.8 |
| 2019-02-19 | CVE-2019-5783 | Improper Input Validation vulnerability in multiple products Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | 8.8 |
| 2019-02-19 | CVE-2019-5782 | Out-of-bounds Write vulnerability in multiple products Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-02-19 | CVE-2019-5780 | Improper Input Validation vulnerability in multiple products Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | 7.8 |
| 2019-02-19 | CVE-2019-5774 | Missing Authorization vulnerability in multiple products Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | 8.8 |
| 2019-02-19 | CVE-2019-5772 | Use After Free vulnerability in multiple products Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |