Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-14896 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian
critical
9.8
2019-11-26 CVE-2011-1939 SQL Injection vulnerability in multiple products
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
network
low complexity
zend php debian CWE-89
critical
9.8
2019-11-26 CVE-2019-12526 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian CWE-787
critical
9.8
2019-11-26 CVE-2019-12523 An issue was discovered in Squid before 4.9.
network
low complexity
squid-cache canonical fedoraproject opensuse debian
critical
9.1
2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
network
low complexity
yubico debian CWE-20
critical
9.8
2019-11-22 CVE-2014-6311 Use of Insufficiently Random Values vulnerability in multiple products
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
network
low complexity
vanderbilt debian CWE-330
critical
9.8
2019-11-22 CVE-2014-6310 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
network
low complexity
call-cc debian CWE-120
critical
9.8
2019-11-20 CVE-2015-3166 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
network
low complexity
postgresql debian canonical CWE-119
critical
9.8
2019-11-20 CVE-2011-1028 Improper Input Validation vulnerability in multiple products
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
network
low complexity
smarty debian CWE-20
critical
9.8
2019-11-17 CVE-2019-19012 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker.
network
low complexity
oniguruma-project debian fedoraproject redhat CWE-190
critical
9.8