Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2019-17570 Deserialization of Untrusted Data vulnerability in multiple products
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library.
network
low complexity
apache debian canonical fedoraproject redhat CWE-502
critical
 9.8
9.8
2020-01-17 CVE-2019-17361 Command Injection vulnerability in multiple products
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.
network
low complexity
saltstack debian opensuse canonical CWE-77
critical
 9.8
9.8
2020-01-08 CVE-2019-20367 Out-of-bounds Read vulnerability in multiple products
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
network
low complexity
freedesktop debian canonical opensuse CWE-125
critical
 9.1
9.1
2020-01-06 CVE-2019-18792 Interpretation Conflict vulnerability in multiple products
An issue was discovered in Suricata 5.0.0.
network
low complexity
oisf debian CWE-436
critical
 9.1
9.1
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
 9.8
9.8
2020-01-03 CVE-2020-5312 Classic Buffer Overflow vulnerability in multiple products
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
network
low complexity
python canonical debian fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5311 Classic Buffer Overflow vulnerability in multiple products
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-120
critical
 9.8
9.8
2019-12-27 CVE-2019-20041 Improper Input Validation vulnerability in multiple products
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
network
low complexity
wordpress debian CWE-20
critical
 9.8
9.8
2019-12-24 CVE-2019-19953 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
network
low complexity
graphicsmagick debian opensuse CWE-125
critical
 9.1
9.1
2019-12-24 CVE-2019-19951 Out-of-bounds Write vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
network
low complexity
graphicsmagick debian opensuse CWE-787
critical
 9.8
9.8