Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-07 | CVE-2017-15388 | Out-of-bounds Read vulnerability in multiple products Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2018-02-07 | CVE-2017-15387 | Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | 8.8 |
| 2018-02-07 | CVE-2018-6574 | Code Injection vulnerability in multiple products Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | 7.8 |
| 2018-02-07 | CVE-2018-6799 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | 8.8 |
| 2018-02-06 | CVE-2018-6767 | Out-of-bounds Read vulnerability in multiple products A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. | 7.8 |
| 2018-02-03 | CVE-2018-6594 | Inadequate Encryption Strength vulnerability in multiple products lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). | 7.5 |
| 2018-02-03 | CVE-2017-18123 | Improper Input Validation vulnerability in multiple products The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | 8.6 |
| 2018-02-02 | CVE-2017-18122 | Improper Verification of Cryptographic Signature vulnerability in multiple products A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. | 8.1 |
| 2018-02-02 | CVE-2018-6519 | Injection vulnerability in multiple products The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | 7.5 |
| 2018-01-31 | CVE-2018-5996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 7.8 |