Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-28 | CVE-2017-15419 | Open Redirect vulnerability in multiple products Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | 6.5 |
| 2018-08-28 | CVE-2017-15418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2018-08-28 | CVE-2017-15417 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 5.3 |
| 2018-08-28 | CVE-2017-15416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | 6.5 |
| 2018-08-28 | CVE-2017-15415 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | 6.5 |
| 2018-08-27 | CVE-2018-10938 | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. | 5.9 |
| 2018-08-22 | CVE-2018-10919 | Information Exposure vulnerability in multiple products The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. | 6.5 |
| 2018-08-22 | CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. | 5.6 |
| 2018-08-22 | CVE-2018-10845 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. | 5.9 |
| 2018-08-22 | CVE-2018-10844 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. | 5.9 |