Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6127 Use After Free vulnerability in multiple products
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
critical
 9.6
9.6
2019-01-09 CVE-2018-16068 Improper Input Validation vulnerability in multiple products
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
critical
 9.6
9.6
2019-01-02 CVE-2018-19362 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-19361 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-19360 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-14721 Server-Side Request Forgery (SSRF) vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-918
critical
 10.0
10
2019-01-02 CVE-2018-14720 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
 9.8
9.8
2018-12-26 CVE-2018-19873 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt debian opensuse CWE-119
critical
 9.8
9.8