Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2018-0488 Out-of-bounds Write vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
network
low complexity
arm debian CWE-787
7.5
2018-02-13 CVE-2018-0487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
network
low complexity
arm debian CWE-119
7.5
2018-02-09 CVE-2018-1000051 Use After Free vulnerability in multiple products
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution.
local
low complexity
artifex debian CWE-416
7.8
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2018-02-07 CVE-2017-5133 Out-of-bounds Write vulnerability in multiple products
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
network
low complexity
google debian CWE-787
8.8
2018-02-07 CVE-2017-5132 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-5131 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
network
low complexity
google debian CWE-190
8.8
2018-02-07 CVE-2017-5129 Use After Free vulnerability in multiple products
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-5127 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-416
8.8