Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-27 | CVE-2019-19330 | Injection vulnerability in multiple products The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | 9.8 |
| 2019-11-27 | CVE-2019-14896 | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | 9.8 |
| 2019-11-26 | CVE-2011-1939 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | 9.8 |
| 2019-11-26 | CVE-2019-12526 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid before 4.9. | 9.8 |
| 2019-11-26 | CVE-2019-12523 | An issue was discovered in Squid before 4.9. | 9.1 |
| 2019-11-26 | CVE-2011-4120 | Improper Input Validation vulnerability in multiple products Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. | 9.8 |
| 2019-11-22 | CVE-2014-6311 | Use of Insufficiently Random Values vulnerability in multiple products generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | 9.8 |
| 2019-11-22 | CVE-2014-6310 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | 9.8 |
| 2019-11-20 | CVE-2015-3166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | 9.8 |
| 2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 9.8 |