Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-27 | CVE-2019-14896 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. | 9.8 |
2019-11-26 | CVE-2011-1939 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | 9.8 |
2019-11-26 | CVE-2019-12526 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid before 4.9. | 9.8 |
2019-11-26 | CVE-2019-12523 | An issue was discovered in Squid before 4.9. | 9.1 |
2019-11-26 | CVE-2011-4120 | Improper Input Validation vulnerability in multiple products Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. | 9.8 |
2019-11-22 | CVE-2014-6311 | Use of Insufficiently Random Values vulnerability in multiple products generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | 9.8 |
2019-11-22 | CVE-2014-6310 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | 9.8 |
2019-11-20 | CVE-2015-3166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | 9.8 |
2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 9.8 |
2019-11-17 | CVE-2019-19012 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | 9.8 |