Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-22 | CVE-2014-6310 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | 9.8 |
| 2019-11-20 | CVE-2015-3166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | 9.8 |
| 2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 9.8 |
| 2019-11-17 | CVE-2019-19012 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. | 9.8 |
| 2019-11-15 | CVE-2011-0703 | Improper Input Validation vulnerability in multiple products In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | 9.8 |
| 2019-11-15 | CVE-2013-7088 | Classic Buffer Overflow vulnerability in multiple products ClamAV before 0.97.7 has buffer overflow in the libclamav component | 9.8 |
| 2019-11-15 | CVE-2013-7087 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ClamAV before 0.97.7 has WWPack corrupt heap memory | 9.8 |
| 2019-11-15 | CVE-2019-18928 | Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | 9.8 |
| 2019-11-14 | CVE-2011-1930 | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. | 9.8 |
| 2019-11-13 | CVE-2010-4533 | Improper Certificate Validation vulnerability in multiple products offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | 9.8 |