Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-3858 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
 9.1
9.1
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
 9.8
9.8
2019-03-21 CVE-2019-3862 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
 9.1
9.1
2019-03-21 CVE-2019-3859 Out-of-bounds Read vulnerability in multiple products
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions.
network
low complexity
libssh2 fedoraproject debian netapp opensuse CWE-125
critical
 9.1
9.1
2019-03-15 CVE-2018-20182 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian CWE-119
critical
 9.8
9.8
2019-03-15 CVE-2018-20181 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian CWE-191
critical
 9.8
9.8
2019-03-15 CVE-2018-20180 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian CWE-191
critical
 9.8
9.8
2019-03-15 CVE-2018-20177 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
 9.8
9.8
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
critical
 9.8
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
 9.8
9.8