Vulnerabilities > Debian > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2020-02-20 | CVE-2014-4678 | Injection vulnerability in multiple products | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | network | low complexity | redhat, debian | CWE-74 | critical | 9.8 |
| 2020-02-19 | CVE-2020-6061 | Out-of-bounds Read vulnerability in multiple products | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. | network | low complexity | coturn-project, fedoraproject, debian, canonical | CWE-125 | critical | 9.8 |
| 2020-02-17 | CVE-2020-8518 | Code Injection vulnerability in multiple products | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | network | low complexity | horde, fedoraproject, debian | CWE-94 | critical | 9.8 |
| 2020-02-12 | CVE-2020-8955 | Classic Buffer Overflow vulnerability in multiple products | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | network | low complexity | weechat, fedoraproject, opensuse, debian | CWE-120 | critical | 9.8 |
| 2020-02-10 | CVE-2020-8840 | Deserialization of Untrusted Data vulnerability in multiple products | FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | network | low complexity | fasterxml, debian, netapp, huawei, oracle | CWE-502 | critical | 9.8 |
| 2020-02-10 | CVE-2020-7060 | Out-of-bounds Read vulnerability in multiple products | When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. | network | low complexity | php, tenable, oracle, opensuse, debian | CWE-125 | critical | 9.1 |
| 2020-02-10 | CVE-2020-7059 | Out-of-bounds Read vulnerability in multiple products | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. | network | low complexity | php, tenable, oracle, opensuse, debian | CWE-125 | critical | 9.1 |
| 2020-02-07 | CVE-2019-15606 | | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | network | low complexity | nodejs, oracle, debian, redhat, opensuse | | critical | 9.8 |
| 2020-02-07 | CVE-2019-15605 | HTTP Request Smuggling vulnerability in multiple products | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | network | low complexity | nodejs, debian, fedoraproject, opensuse, redhat, oracle | CWE-444 | critical | 9.8 |
| 2020-02-03 | CVE-2020-8597 | Classic Buffer Overflow vulnerability in multiple products | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | network | low complexity | point-to-point-protocol-project, wago, debian, canonical | CWE-120 | critical | 9.8 |