Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-15388 Out-of-bounds Read vulnerability in multiple products
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-125
8.8
2018-02-07 CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
network
low complexity
google debian
8.8
2018-02-07 CVE-2018-6574 Code Injection vulnerability in multiple products
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
local
low complexity
golang debian redhat CWE-94
7.8
2018-02-07 CVE-2018-6799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
network
low complexity
graphicsmagick debian CWE-119
8.8
2018-02-06 CVE-2018-6767 Out-of-bounds Read vulnerability in multiple products
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
local
low complexity
wavpack debian canonical CWE-125
7.8
2018-02-03 CVE-2018-6594 Inadequate Encryption Strength vulnerability in multiple products
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).
network
low complexity
dlitz debian canonical CWE-326
7.5
2018-02-03 CVE-2017-18123 Improper Input Validation vulnerability in multiple products
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
local
low complexity
dokuwiki debian CWE-20
8.6
2018-02-02 CVE-2017-18122 Improper Verification of Cryptographic Signature vulnerability in multiple products
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16.
network
high complexity
simplesamlphp debian CWE-347
8.1
2018-02-02 CVE-2018-6519 Injection vulnerability in multiple products
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
network
low complexity
simplesamlphp debian CWE-74
7.5
2018-01-31 CVE-2018-5996 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
local
low complexity
7-zip debian CWE-119
7.8