Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-07 CVE-2018-19935 NULL Pointer Dereference vulnerability in multiple products
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
network
low complexity
php debian CWE-476
7.5
7.5
2018-12-04 CVE-2018-6101 Improper Input Validation vulnerability in multiple products
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
network
high complexity
redhat debian google CWE-20
7.5
7.5
2018-12-04 CVE-2018-6094 Out-of-bounds Write vulnerability in multiple products
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
8.8
2018-12-04 CVE-2018-6092 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-12-04 CVE-2018-6090 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
8.8
2018-12-04 CVE-2018-6088 Improper Input Validation vulnerability in multiple products
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
network
low complexity
google redhat debian CWE-20
8.8
8.8
2018-12-04 CVE-2018-6087 Use After Free vulnerability in multiple products
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-04 CVE-2018-6086 Use After Free vulnerability in multiple products
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-04 CVE-2018-6085 Use After Free vulnerability in multiple products
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
8.8
2018-12-03 CVE-2018-19824 Use After Free vulnerability in multiple products
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
local
low complexity
linux canonical debian CWE-416
7.8
7.8