Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-5126 Use After Free vulnerability in multiple products
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-15393 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
network
low complexity
google debian CWE-668
8.8
2018-02-07 CVE-2017-15388 Out-of-bounds Read vulnerability in multiple products
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-125
8.8
2018-02-07 CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
network
low complexity
google debian
8.8
2018-02-07 CVE-2018-6574 Code Injection vulnerability in multiple products
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
local
low complexity
golang debian redhat CWE-94
7.8
2018-02-07 CVE-2018-6799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
network
low complexity
graphicsmagick debian CWE-119
8.8
2018-02-07 CVE-2018-6791 OS Command Injection vulnerability in multiple products
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0.
local
low complexity
kde debian CWE-78
7.2
2018-02-02 CVE-2018-6521 The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters.
network
low complexity
simplesamlphp debian
7.5
2018-01-29 CVE-2016-10711 HTTP Request Smuggling vulnerability in multiple products
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
network
low complexity
debian apsis CWE-444
7.5