Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-11729 Session Fixation vulnerability in multiple products
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60.
network
low complexity
davical debian CWE-384
critical
 9.8
9.8
2020-03-31 CVE-2020-10595 Classic Buffer Overflow vulnerability in multiple products
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library.
network
low complexity
pam-krb5-project debian CWE-120
critical
 9.8
9.8
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2020-03-24 CVE-2020-6072 Double Free vulnerability in multiple products
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
network
low complexity
videolabs debian CWE-415
critical
 9.8
9.8
2020-03-24 CVE-2020-10938 Integer Overflow or Wraparound vulnerability in multiple products
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
network
low complexity
graphicsmagick debian opensuse CWE-190
critical
 9.8
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2020-9760 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected).
network
low complexity
weechat debian CWE-120
critical
 9.8
9.8
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical CWE-444
critical
 9.8
9.8