Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2013-1910 Improper Input Validation vulnerability in multiple products
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
network
low complexity
baseurl debian CWE-20
critical
 9.8
9.8
2019-10-31 CVE-2009-5043 Improper Handling of Exceptional Conditions vulnerability in multiple products
burn allows file names to escape via mishandled quotation marks
network
low complexity
burn-project debian CWE-755
critical
 9.8
9.8
2019-10-31 CVE-2009-5042 Exposure of Resource to Wrong Sphere vulnerability in multiple products
python-docutils allows insecure usage of temporary files
network
low complexity
python-docutils-project debian CWE-668
critical
 9.1
9.1
2019-10-31 CVE-2009-5041 Classic Buffer Overflow vulnerability in Debian Overkill
overkill has buffer overflow via long player names that can corrupt data on the server machine
network
low complexity
debian CWE-120
critical
 9.8
9.8
2019-10-31 CVE-2019-18425 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors.
network
low complexity
xen debian fedoraproject opensuse CWE-269
critical
 9.8
9.8
2019-10-30 CVE-2010-0748 Improper Input Validation vulnerability in multiple products
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
network
low complexity
transmissionbt debian CWE-20
critical
 9.8
9.8
2019-10-28 CVE-2019-11043 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
network
low complexity
php canonical debian fedoraproject tenable redhat CWE-787
critical
 9.8
9.8
2019-10-17 CVE-2019-17670 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
network
low complexity
wordpress debian CWE-918
critical
 9.8
9.8
2019-10-17 CVE-2019-17669 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
network
low complexity
wordpress debian CWE-918
critical
 9.8
9.8
2019-10-14 CVE-2019-17545 Double Free vulnerability in multiple products
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
network
low complexity
osgeo oracle debian fedoraproject opensuse CWE-415
critical
 9.8
9.8