Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9905 Improper Access Control vulnerability in multiple products
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents.
network
low complexity
redhat debian mozilla CWE-284
8.8
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
7.5
2018-06-11 CVE-2016-9900 7PK - Security Features vulnerability in multiple products
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs.
network
low complexity
debian redhat mozilla CWE-254
7.5
2018-06-11 CVE-2016-9897 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
network
low complexity
redhat debian mozilla CWE-119
7.5
2018-06-11 CVE-2016-9079 Use After Free vulnerability in multiple products
A use-after-free vulnerability in SVG Animation has been discovered.
network
low complexity
debian redhat mozilla torproject CWE-416
7.5
2018-06-11 CVE-2016-9066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-5296 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-08 CVE-2018-12020 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option.
network
low complexity
redhat canonical debian gnupg CWE-706
7.5
2018-06-07 CVE-2018-12015 Link Following vulnerability in multiple products
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
network
low complexity
canonical debian perl archive apple netapp CWE-59
7.5
2018-06-05 CVE-2017-7654 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker.
network
low complexity
eclipse debian CWE-772
7.5