Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-1000256 Improper Certificate Validation vulnerability in multiple products
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
network
high complexity
redhat debian CWE-295
8.1
2017-10-27 CVE-2017-15930 NULL Pointer Dereference vulnerability in multiple products
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
network
low complexity
graphicsmagick debian CWE-476
8.8
2017-10-27 CVE-2017-15924 OS Command Injection vulnerability in multiple products
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
local
low complexity
shadowsocks debian CWE-78
7.2
2017-10-27 CVE-2017-5122 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
network
low complexity
google debian CWE-119
8.8
2017-10-27 CVE-2017-5121 Improper Input Validation vulnerability in multiple products
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
network
low complexity
google debian redhat CWE-20
8.8
2017-10-27 CVE-2017-5116 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-843
8.8
2017-10-27 CVE-2017-5114 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-119
8.8
2017-10-27 CVE-2017-5113 Out-of-bounds Write vulnerability in multiple products
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-787
8.8
2017-10-27 CVE-2017-5111 Use After Free vulnerability in multiple products
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
network
low complexity
google redhat debian CWE-416
8.8
2017-10-27 CVE-2017-5100 Use After Free vulnerability in multiple products
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8