Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-19330 Injection vulnerability in multiple products
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
network
low complexity
haproxy canonical debian CWE-74
critical
 9.8
9.8
2019-11-27 CVE-2019-14896 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian
critical
 9.8
9.8
2019-11-26 CVE-2011-1939 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
network
low complexity
zend php debian CWE-89
critical
 9.8
9.8
2019-11-26 CVE-2019-12526 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian CWE-787
critical
 9.8
9.8
2019-11-26 CVE-2019-12523 An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian
critical
 9.1
9.1
2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
network
low complexity
yubico debian CWE-20
critical
 9.8
9.8
2019-11-22 CVE-2014-6311 Use of Insufficiently Random Values vulnerability in multiple products
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
network
low complexity
vanderbilt debian CWE-330
critical
 9.8
9.8
2019-11-22 CVE-2014-6310 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
network
low complexity
call-cc debian CWE-120
critical
 9.8
9.8
2019-11-20 CVE-2015-3166 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
network
low complexity
postgresql debian canonical CWE-119
critical
 9.8
9.8
2019-11-20 CVE-2011-1028 Improper Input Validation vulnerability in multiple products
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
network
low complexity
smarty debian CWE-20
critical
 9.8
9.8