Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-11-14 | CVE-2011-1930 | Remote Shell Command Execution vulnerability in klibc DHCP Options Processing | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. | 10.0 |
2019-11-13 | CVE-2010-4654 | Injection vulnerability in multiple products | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | 9.3 |
2019-10-31 | CVE-2013-2024 | OS Command Injection vulnerability in multiple products | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | 9.0 |
2019-10-31 | CVE-2019-18425 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. | 9.8 |
2019-10-28 | CVE-2019-11043 | Out-of-bounds Write vulnerability in multiple products | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | 9.8 |
2019-10-17 | CVE-2019-17670 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 9.8 |
2019-10-17 | CVE-2019-17669 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | 9.8 |
2019-10-14 | CVE-2019-17545 | Double Free vulnerability in multiple products | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
2019-10-12 | CVE-2019-17531 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. | 9.8 |
2019-10-10 | CVE-2019-17455 | Out-of-bounds Read vulnerability in multiple products | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. | 9.8 |