Vulnerabilities > Debian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-08-28 | CVE-2017-15420 | Improper Input Validation vulnerability in multiple products | Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | network | low complexity | google redhat debian | CWE-20 | 6.5 |
| 2018-08-28 | CVE-2017-15419 | Open Redirect vulnerability in multiple products | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | network | low complexity | redhat debian google | CWE-601 | 6.5 |
| 2018-08-28 | CVE-2017-15418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | network | low complexity | google redhat debian | CWE-119 | 4.3 |
| 2018-08-28 | CVE-2017-15417 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | network | high complexity | google redhat debian | CWE-119 | 5.3 |
| 2018-08-28 | CVE-2017-15416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | network | low complexity | redhat debian google | CWE-119 | 6.5 |
| 2018-08-28 | CVE-2017-15415 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | network | low complexity | debian redhat google | CWE-119 | 6.5 |
| 2018-08-22 | CVE-2018-10919 | Information Exposure vulnerability in multiple products | The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. | network | low complexity | canonical debian samba | CWE-200 | 4.0 |
| 2018-08-22 | CVE-2018-10858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | A heap-buffer overflow was found in the way Samba clients processed extra-long filenames in a directory listing. | network | low complexity | debian canonical samba redhat | CWE-119 | 6.5 |
| 2018-08-22 | CVE-2018-10846 | Covert Timing Channel vulnerability in multiple products | A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. | | | | | 5.6 |
| 2018-08-22 | CVE-2018-10845 | Covert Timing Channel vulnerability in multiple products | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. | network | high complexity | gnu redhat canonical fedoraproject debian | CWE-385 | 5.9 |