Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2017-15412 Use After Free vulnerability in multiple products
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
redhat debian google xmlsoft CWE-416
8.8
2018-08-28 CVE-2017-15411 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-416
8.8
2018-08-28 CVE-2017-15410 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-416
8.8
2018-08-28 CVE-2017-15409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-119
8.8
2018-08-28 CVE-2017-15408 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
network
low complexity
google debian redhat CWE-119
8.8
2018-08-28 CVE-2017-15407 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google debian redhat CWE-787
8.8
2018-08-28 CVE-2018-15911 Use of Uninitialized Resource vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15910 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15908 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
local
low complexity
artifex debian canonical redhat
7.8