Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-17463 Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian
8.8
8.8
2018-11-12 CVE-2018-19216 Use After Free vulnerability in multiple products
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
local
low complexity
nasm debian CWE-416
7.8
7.8
2018-11-12 CVE-2018-19200 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-476
7.5
7.5
2018-11-07 CVE-2018-16844 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
network
low complexity
f5 debian canonical apple
7.5
7.5
2018-11-07 CVE-2018-16843 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption.
network
low complexity
f5 debian canonical opensuse apple
7.5
7.5
2018-11-07 CVE-2018-19052 Path Traversal vulnerability in multiple products
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50.
network
low complexity
lighttpd suse opensuse debian CWE-22
7.5
7.5
2018-11-06 CVE-2018-16472 Improper Input Validation vulnerability in multiple products
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.
network
low complexity
cached-path-relative-project debian CWE-20
7.5
7.5
2018-11-06 CVE-2018-9516 Out-of-bounds Write vulnerability in multiple products
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google debian canonical CWE-787
7.8
7.8
2018-11-06 CVE-2018-9422 Use After Free vulnerability in multiple products
In get_futex_key of futex.c, there is a use-after-free due to improper locking.
local
low complexity
google debian CWE-416
7.8
7.8
2018-11-06 CVE-2018-9363 Integer Overflow or Wraparound vulnerability in multiple products
In the hidp_process_report in bluetooth, there is an integer overflow.
local
low complexity
google canonical debian linux CWE-190
8.4
8.4