Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-25 CVE-2018-6035 Information Exposure vulnerability in multiple products
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-200
8.8
2018-09-25 CVE-2018-6034 Out-of-bounds Read vulnerability in multiple products
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
8.1
2018-09-25 CVE-2018-6033 Improper Input Validation vulnerability in multiple products
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-20
8.8
2018-09-25 CVE-2018-6031 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google redhat debian CWE-416
8.8
2018-09-25 CVE-2018-14647 Missing Initialization of Resource vulnerability in multiple products
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization.
7.5
2018-09-25 CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed.
network
high complexity
linux debian canonical redhat
7.0
2018-09-24 CVE-2018-17281 Resource Exhaustion vulnerability in multiple products
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2.
network
low complexity
digium debian CWE-400
7.5
2018-09-23 CVE-2018-17407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21.
local
low complexity
tug canonical debian CWE-119
7.8
2018-09-19 CVE-2018-17183 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
local
low complexity
debian canonical artifex redhat
7.8
2018-09-19 CVE-2018-17182 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.18.8.
local
low complexity
linux canonical debian netapp CWE-416
7.8