Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-11 | CVE-2018-18336 | Use After Free vulnerability in multiple products Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
| 2018-12-11 | CVE-2018-18335 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-17481 | Use After Free vulnerability in multiple products Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
| 2018-12-11 | CVE-2018-17480 | Out-of-bounds Write vulnerability in multiple products Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2018-12-10 | CVE-2018-20004 | Out-of-bounds Write vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. | 8.8 |
| 2018-12-08 | CVE-2018-19966 | Interpretation Conflict vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. | 8.8 |
| 2018-12-08 | CVE-2018-19962 | Information Exposure vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | 7.8 |
| 2018-12-08 | CVE-2018-19961 | Incomplete Cleanup vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | 7.8 |
| 2018-12-04 | CVE-2018-6101 | Improper Input Validation vulnerability in multiple products A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 7.5 |
| 2018-12-04 | CVE-2018-6094 | Out-of-bounds Write vulnerability in multiple products Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |