Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-14720 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
 9.8
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
 9.8
9.8
2018-12-26 CVE-2018-19873 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Qt before 5.11.3.
network
low complexity
qt debian opensuse CWE-119
critical
 9.8
9.8
2018-12-24 CVE-2018-20433 XXE vulnerability in multiple products
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
network
low complexity
mchange debian CWE-611
critical
 9.8
9.8
2018-12-20 CVE-2018-1160 Out-of-bounds Write vulnerability in multiple products
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c.
network
low complexity
netatalk synology debian CWE-787
critical
 9.8
9.8
2018-12-19 CVE-2018-20020 Out-of-bounds Write vulnerability in multiple products
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
network
low complexity
libvnc-project debian canonical CWE-787
critical
 9.8
9.8
2018-12-19 CVE-2018-20019 Out-of-bounds Write vulnerability in multiple products
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
network
low complexity
libvnc-project canonical debian siemens CWE-787
critical
 9.8
9.8
2018-12-19 CVE-2018-15127 Out-of-bounds Write vulnerability in multiple products
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
network
low complexity
libvnc-project canonical redhat debian CWE-787
critical
 9.8
9.8
2018-12-19 CVE-2018-15126 Use After Free vulnerability in multiple products
LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution
network
low complexity
libvnc-project canonical debian CWE-416
critical
 9.8
9.8