Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-29 CVE-2019-14897 Stack-based Buffer Overflow vulnerability in multiple products
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver.
network
low complexity
linux debian canonical CWE-121
critical
9.8
2019-11-29 CVE-2019-14895 Heap-based Buffer Overflow vulnerability in multiple products
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-122
critical
9.8
2019-11-27 CVE-2011-2523 OS Command Injection vulnerability in multiple products
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
network
low complexity
vsftpd-project debian CWE-78
critical
9.8
2019-11-27 CVE-2019-19330 Injection vulnerability in multiple products
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
network
low complexity
haproxy canonical debian CWE-74
critical
9.8
2019-11-27 CVE-2019-14896 Heap-based Buffer Overflow vulnerability in multiple products
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian CWE-122
critical
9.8
2019-11-26 CVE-2011-1939 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
network
low complexity
zend php debian CWE-89
critical
9.8
2019-11-26 CVE-2019-12526 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian CWE-787
critical
9.8
2019-11-26 CVE-2019-12523
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian
critical
9.1
2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
network
low complexity
yubico debian CWE-20
critical
9.8
2019-11-22 CVE-2014-6311 Use of Insufficiently Random Values vulnerability in multiple products
generate_doxygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory, which allows attackers to gain elevated privileges.
network
low complexity
vanderbilt debian CWE-330
critical
9.8