Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5103 | Use of Uninitialized Resource vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5102 | Use of Uninitialized Resource vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5101 | Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5094 | Type Confusion vulnerability in multiple products Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5093 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | 6.5 |
| 2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
| 2017-10-24 | CVE-2017-15873 | Integer Overflow or Wraparound vulnerability in multiple products The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | 4.3 |
| 2017-10-22 | CVE-2017-15723 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | 5.0 |
| 2017-10-22 | CVE-2017-15722 | Out-of-bounds Read vulnerability in multiple products In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | 4.3 |
| 2017-10-22 | CVE-2017-15721 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. | 5.0 |