Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-27 CVE-2019-13455 Out-of-bounds Write vulnerability in multiple products
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c.
network
low complexity
xymon debian CWE-787
critical
 9.8
9.8
2019-08-27 CVE-2019-13452 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
network
low complexity
xymon debian CWE-119
critical
 9.8
9.8
2019-08-27 CVE-2019-13451 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
network
low complexity
xymon debian CWE-119
critical
 9.8
9.8
2019-08-27 CVE-2019-13273 Out-of-bounds Write vulnerability in multiple products
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script.
network
low complexity
xymon debian CWE-787
critical
 9.8
9.8
2019-08-23 CVE-2019-15505 Out-of-bounds Read vulnerability in multiple products
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
network
low complexity
linux debian canonical CWE-125
critical
 9.8
9.8
2019-08-16 CVE-2019-5477 OS Command Injection vulnerability in multiple products
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method.
network
low complexity
nokogiri canonical debian CWE-78
critical
 9.8
9.8
2019-08-15 CVE-2019-9851 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-9850 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-11187 Improper Authentication vulnerability in multiple products
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
network
low complexity
gonicus debian CWE-287
critical
 9.8
9.8
2019-08-13 CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications.
network
low complexity
golang debian
critical
 9.8
9.8