Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-23 CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
local
low complexity
artifex debian canonical redhat
7.8
7.8
2018-11-17 CVE-2018-19274 Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
network
low complexity
phpbb debian
7.2
7.2
2018-11-16 CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
network
low complexity
ruby-lang canonical debian redhat
7.5
7.5
2018-11-16 CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. 8.8
8.8
2018-11-14 CVE-2018-6083 Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
network
low complexity
google redhat debian
8.8
8.8
2018-11-14 CVE-2018-6074 Improper Input Validation vulnerability in multiple products
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
8.8
2018-11-14 CVE-2018-6073 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
8.8
2018-11-14 CVE-2018-6072 Use After Free vulnerability in multiple products
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-11-14 CVE-2018-6071 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-11-14 CVE-2018-6067 Out-of-bounds Read vulnerability in multiple products
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-125
8.8
8.8