Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-23 CVE-2020-11945 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Squid before 5.0.2.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-190
critical
 9.8
9.8
2020-04-15 CVE-2019-12519 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid through 4.7.
network
low complexity
squid-cache debian canonical opensuse CWE-787
critical
 9.8
9.8
2020-04-15 CVE-2019-12524 Missing Authentication for Critical Function vulnerability in multiple products
An issue was discovered in Squid through 4.7.
network
low complexity
squid-cache debian canonical CWE-306
critical
 9.8
9.8
2020-04-15 CVE-2020-11729 Session Fixation vulnerability in multiple products
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60.
network
low complexity
davical debian CWE-384
critical
 9.8
9.8
2020-03-31 CVE-2020-10595 Classic Buffer Overflow vulnerability in multiple products
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library.
network
low complexity
pam-krb5-project debian CWE-120
critical
 9.8
9.8
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2020-03-24 CVE-2020-6072 Double Free vulnerability in multiple products
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
network
low complexity
videolabs debian CWE-415
critical
 9.8
9.8
2020-03-24 CVE-2020-10938 Integer Overflow or Wraparound vulnerability in multiple products
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
network
low complexity
graphicsmagick debian opensuse CWE-190
critical
 9.8
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8