Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-08 | CVE-2018-19961 | Incomplete Cleanup vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | 7.8 |
| 2018-12-07 | CVE-2018-5808 | Out-of-bounds Write vulnerability in multiple products An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | 8.8 |
| 2018-12-07 | CVE-2018-5802 | Out-of-bounds Read vulnerability in multiple products An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | 8.8 |
| 2018-12-07 | CVE-2018-19935 | NULL Pointer Dereference vulnerability in multiple products ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | 7.5 |
| 2018-12-04 | CVE-2018-6101 | Improper Input Validation vulnerability in multiple products A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 7.5 |
| 2018-12-04 | CVE-2018-6094 | Out-of-bounds Write vulnerability in multiple products Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-12-04 | CVE-2018-6092 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2018-12-04 | CVE-2018-6090 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2018-12-04 | CVE-2018-6088 | Improper Input Validation vulnerability in multiple products An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | 8.8 |
| 2018-12-04 | CVE-2018-6087 | Use After Free vulnerability in multiple products A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |