Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-11627 OS Command Injection vulnerability in multiple products
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
network
low complexity
signing-party-project debian opensuse CWE-78
critical
10.0
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
9.8
2019-03-25 CVE-2019-3861 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed.
network
low complexity
libssh2 debian netapp opensuse CWE-125
critical
9.1
2019-03-25 CVE-2019-3860 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed.
network
low complexity
libssh2 debian netapp opensuse CWE-125
critical
9.1
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
9.1
2019-03-21 CVE-2019-3858 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
9.8
2019-03-21 CVE-2019-3862 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1
2019-03-21 CVE-2019-3859 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
9.1