Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-04 | CVE-2018-6085 | Use After Free vulnerability in multiple products Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2018-11-29 | CVE-2018-8788 | Out-of-bounds Write vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. | 7.5 |
2018-11-29 | CVE-2018-8787 | Integer Overflow or Wraparound vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. | 7.5 |
2018-11-29 | CVE-2018-19628 | Divide By Zero vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. | 7.5 |
2018-11-29 | CVE-2018-19627 | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. | 7.5 |
2018-11-29 | CVE-2018-19623 | Out-of-bounds Write vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. | 7.5 |
2018-11-29 | CVE-2018-19622 | Infinite Loop vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. | 7.5 |
2018-11-25 | CVE-2018-19518 | Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. | 7.5 |
2018-11-23 | CVE-2018-19477 | Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | 7.8 |
2018-11-23 | CVE-2018-19476 | Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | 7.8 |