Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-15505 Out-of-bounds Read vulnerability in multiple products
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
network
low complexity
linux debian canonical CWE-125
critical
 9.8
9.8
2019-08-16 CVE-2019-5477 OS Command Injection vulnerability in multiple products
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method.
network
low complexity
nokogiri canonical debian CWE-78
critical
 9.8
9.8
2019-08-15 CVE-2019-9851 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-9850 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-13 CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications.
network
low complexity
golang debian
critical
 9.8
9.8
2019-08-09 CVE-2019-14234 SQL Injection vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject fedoraproject debian CWE-89
critical
 9.8
9.8
2019-07-31 CVE-2019-14463 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5.
network
low complexity
libmodbus fedoraproject debian CWE-125
critical
 9.1
9.1
2019-07-31 CVE-2019-14462 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5.
network
low complexity
libmodbus fedoraproject debian CWE-125
critical
 9.1
9.1
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
 9.8
9.8
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
 10.0
10