Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8
2020-03-24 CVE-2020-6072 Double Free vulnerability in multiple products
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
network
low complexity
videolabs debian CWE-415
critical
 9.8
9.8
2020-03-24 CVE-2020-10938 Integer Overflow or Wraparound vulnerability in multiple products
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
network
low complexity
graphicsmagick debian opensuse CWE-190
critical
 9.8
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2020-9760 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected).
network
low complexity
weechat debian CWE-120
critical
 9.8
9.8
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical CWE-444
critical
 9.8
9.8
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twisted fedoraproject debian canonical oracle CWE-444
critical
 9.8
9.8
2020-03-09 CVE-2020-10232 Out-of-bounds Write vulnerability in multiple products
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
network
low complexity
sleuthkit debian fedoraproject CWE-787
critical
 9.8
9.8