Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-03 | CVE-2019-11036 | Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. | 9.1 |
2019-04-30 | CVE-2019-11627 | OS Command Injection vulnerability in multiple products gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | 10.0 |
2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. | 9.8 |
2019-03-27 | CVE-2019-5420 | Use of Insufficiently Random Values vulnerability in multiple products A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. | 9.8 |
2019-03-25 | CVE-2019-3861 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. | 9.1 |
2019-03-25 | CVE-2019-3860 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. | 9.1 |
2019-03-23 | CVE-2019-9948 | Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 9.1 |
2019-03-21 | CVE-2019-3858 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. | 9.1 |
2019-03-21 | CVE-2019-9898 | Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 |
2019-03-21 | CVE-2019-3862 | Out-of-bounds Read vulnerability in multiple products An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. | 9.1 |