Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-23 CVE-2019-11049 Double Free vulnerability in multiple products
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
network
low complexity
php fedoraproject debian tenable CWE-415
critical
 9.8
9.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
 9.8
9.8
2019-12-20 CVE-2012-6094 Incorrect Authorization vulnerability in multiple products
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
network
low complexity
apple debian CWE-863
critical
 9.8
9.8
2019-12-15 CVE-2014-8650 Improper Authentication vulnerability in multiple products
python-requests-Kerberos through 0.5 does not handle mutual authentication
network
low complexity
requests-kerberos-project debian CWE-287
critical
 9.8
9.8
2019-12-13 CVE-2014-0175 Use of Hard-coded Credentials vulnerability in multiple products
mcollective has a default password set at install
network
low complexity
puppet redhat debian CWE-798
critical
 9.8
9.8
2019-12-12 CVE-2019-18345 Cross-site Scripting vulnerability in multiple products
A reflected XSS issue was discovered in DAViCal through 1.1.8.
network
low complexity
davical debian CWE-79
critical
 9.3
9.3
2019-12-11 CVE-2019-19725 Double Free vulnerability in multiple products
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
network
low complexity
sysstat-project debian canonical CWE-415
critical
 9.8
9.8
2019-12-10 CVE-2012-1577 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
network
low complexity
openbsd dietlibc-project debian CWE-335
critical
 9.8
9.8
2019-12-10 CVE-2013-2167 Insufficient Verification of Data Authenticity vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
network
low complexity
openstack redhat debian CWE-345
critical
 9.8
9.8
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
network
low complexity
openstack redhat fedoraproject debian CWE-326
critical
 9.8
9.8