Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-6152 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
network
low complexity
google redhat debian CWE-434
critical
 9.6
9.6
2018-11-29 CVE-2018-8788 Out-of-bounds Write vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
network
low complexity
freerdp canonical debian CWE-787
critical
 9.8
9.8
2018-11-29 CVE-2018-8787 Integer Overflow or Wraparound vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian redhat CWE-190
critical
 9.8
9.8
2018-11-29 CVE-2018-8786 Incorrect Conversion between Numeric Types vulnerability in multiple products
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
network
low complexity
freerdp canonical debian fedoraproject redhat CWE-681
critical
 9.8
9.8
2018-11-21 CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26.
network
low complexity
artifex debian canonical redhat
critical
 9.8
9.8
2018-11-16 CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
network
low complexity
ruby-lang canonical debian redhat
critical
 9.8
9.8
2018-11-14 CVE-2018-17472 Improper Input Validation vulnerability in multiple products
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
critical
 9.6
9.6
2018-11-14 CVE-2018-17462 Use After Free vulnerability in multiple products
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
critical
 9.6
9.6
2018-11-12 CVE-2018-19199 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-190
critical
 9.8
9.8
2018-11-12 CVE-2018-19198 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in uriparser before 0.9.0.
network
low complexity
uriparser-project debian CWE-787
critical
 9.8
9.8