Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-5439 | Use After Free vulnerability in multiple products A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. | 9.8 |
2018-06-11 | CVE-2017-5438 | Use After Free vulnerability in multiple products A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. | 9.8 |
2018-06-11 | CVE-2017-5435 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. | 9.8 |
2018-06-11 | CVE-2017-5434 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. | 9.8 |
2018-06-11 | CVE-2017-5433 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. | 9.8 |
2018-06-11 | CVE-2017-5432 | Use After Free vulnerability in multiple products A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. | 9.8 |
2018-06-11 | CVE-2017-5429 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. | 9.8 |
2018-06-11 | CVE-2017-5398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.7. | 10.0 |
2018-06-11 | CVE-2016-9899 | Use After Free vulnerability in multiple products Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. | 9.8 |
2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |