Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2016-9905 | Improper Access Control vulnerability in multiple products A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. | 8.8 |
| 2018-06-11 | CVE-2016-9904 | Information Exposure vulnerability in multiple products An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. | 7.5 |
| 2018-06-11 | CVE-2016-9900 | 7PK - Security Features vulnerability in multiple products External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. | 7.5 |
| 2018-06-11 | CVE-2016-9897 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. | 7.5 |
| 2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 7.5 |
| 2018-06-11 | CVE-2016-9066 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. | 7.5 |
| 2018-06-11 | CVE-2016-5296 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. | 7.5 |
| 2018-06-08 | CVE-2018-12020 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. | 7.5 |
| 2018-06-07 | CVE-2018-12015 | Link Following vulnerability in multiple products In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | 7.5 |
| 2018-06-05 | CVE-2017-7654 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. | 7.5 |