Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-12-04 | CVE-2018-6116 | A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | Debian_linux, Chrome, Linux_desktop, Linux_server, Linux_workstation | 6.5 | ||
2018-12-04 | CVE-2018-6152 | The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.6 | ||
2018-12-05 | CVE-2018-19857 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | Debian_linux, Vlc_media_player | 9.1 | ||
2018-12-05 | CVE-2018-18312 | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.8 | ||
2018-12-07 | CVE-2018-18311 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
2018-12-07 | CVE-2018-18313 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | Mac_os_x, Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.1 | ||
2018-12-07 | CVE-2018-18314 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.8 | ||
2018-12-08 | CVE-2018-19961 | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | Xenserver, Debian_linux, Xen | 7.8 | ||
2018-12-08 | CVE-2018-19962 | An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | Xenserver, Debian_linux, Xen | 7.8 | ||
2018-12-08 | CVE-2018-19965 | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. | Xenserver, Debian_linux, Xen | 5.6 |