Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-12-04
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-04
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-04
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-04
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-04
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.016
Published
2018-12-04
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.025
Published
2018-12-04
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-12-03
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
CVSS Score
8.8
EPSS Score
0.593
Published
2018-12-03
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-02