Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-9548 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8
2020-03-02 CVE-2020-9547 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8
2020-03-02 CVE-2020-9546 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8
2020-02-25 CVE-2020-8794 Out-of-bounds Read vulnerability in multiple products
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies.
network
low complexity
opensmtpd canonical fedoraproject debian CWE-125
critical
 9.8
9.8
2020-02-24 CVE-2020-1938 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat.
network
low complexity
apache fedoraproject oracle debian opensuse blackberry netapp
critical
 9.8
9.8
2020-02-23 CVE-2020-9355 danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
network
low complexity
networkmanager-ssh-project debian
critical
 9.8
9.8
2020-02-20 CVE-2014-4678 Injection vulnerability in multiple products
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
network
low complexity
redhat debian CWE-74
critical
 9.8
9.8
2020-02-19 CVE-2020-6061 Out-of-bounds Read vulnerability in multiple products
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests.
network
low complexity
coturn-project fedoraproject debian canonical CWE-125
critical
 9.8
9.8
2020-02-17 CVE-2020-8518 Code Injection vulnerability in multiple products
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
network
low complexity
horde fedoraproject debian CWE-94
critical
 9.8
9.8
2020-02-12 CVE-2020-8955 Classic Buffer Overflow vulnerability in multiple products
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
network
low complexity
weechat fedoraproject opensuse debian CWE-120
critical
 9.8
9.8