Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2016-9898 | Use After Free vulnerability in multiple products Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. | 9.8 |
| 2018-06-11 | CVE-2016-9893 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.5. | 9.8 |
| 2018-06-11 | CVE-2016-9063 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow during the parsing of XML using the Expat library. | 9.8 |
| 2018-06-11 | CVE-2016-5297 | Integer Overflow or Wraparound vulnerability in multiple products An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. | 9.8 |
| 2018-06-11 | CVE-2016-5290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. | 9.8 |
| 2018-06-05 | CVE-2018-11743 | Access of Uninitialized Pointer vulnerability in multiple products The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | 9.8 |
| 2018-05-29 | CVE-2018-11531 | Out-of-bounds Write vulnerability in multiple products Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | 9.8 |
| 2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |
| 2018-05-24 | CVE-2018-1000301 | Out-of-bounds Read vulnerability in multiple products curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. | 9.1 |
| 2018-05-23 | CVE-2018-1126 | Integer Overflow or Wraparound vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. network low complexity procps-ng-project canonical debian redhat schneider-electric CWE-190 critical | 9.8 |