Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5099 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5098 | Use After Free vulnerability in multiple products A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5097 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5095 | Out-of-bounds Write vulnerability in multiple products Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. | 8.8 |
| 2017-10-27 | CVE-2017-5092 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5091 | Use After Free vulnerability in multiple products A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2017-10-24 | CVE-2017-12613 | Out-of-bounds Read vulnerability in multiple products When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 |
| 2017-10-22 | CVE-2017-15723 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | 7.5 |
| 2017-10-22 | CVE-2017-15721 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. | 7.5 |
| 2017-10-22 | CVE-2015-5177 | Double Free vulnerability in multiple products Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | 7.5 |