Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-5130 Out-of-bounds Write vulnerability in multiple products
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
network
low complexity
google debian xmlsoft CWE-787
8.8
2018-02-07 CVE-2017-5129 Use After Free vulnerability in multiple products
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-5127 Use After Free vulnerability in multiple products
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5126 Use After Free vulnerability in multiple products
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
network
low complexity
google debian CWE-416
8.8
2018-02-07 CVE-2017-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-119
8.8
2018-02-07 CVE-2017-15393 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
network
low complexity
google debian CWE-668
8.8
2018-02-07 CVE-2017-15388 Out-of-bounds Read vulnerability in multiple products
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-125
8.8
2018-02-07 CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
network
low complexity
google debian
8.8
2018-02-07 CVE-2018-6574 Code Injection vulnerability in multiple products
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
local
low complexity
golang debian redhat CWE-94
7.8