Debian: >> Debian Linux Security Vulnerabilities
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVSS Score
9.8
EPSS Score
0.107
Published
2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVSS Score
8.8
EPSS Score
0.022
Published
2018-11-16
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS Score
4.7
EPSS Score
0.034
Published
2018-11-15
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
CVSS Score
6.1
EPSS Score
0.009
Published
2018-11-14
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
CVSS Score
4.7
EPSS Score
0.014
Published
2018-11-14
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.015
Published
2018-11-14
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.02
Published
2018-11-14
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
7.5
EPSS Score
0.013
Published
2018-11-14
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.016
Published
2018-11-14
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.015
Published
2018-11-14