Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-12 CVE-2019-17531 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-10 CVE-2019-17455 Out-of-bounds Read vulnerability in multiple products
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
network
low complexity
nongnu debian canonical fedoraproject opensuse CWE-125
critical
 9.8
9.8
2019-10-09 CVE-2019-17362 Out-of-bounds Read vulnerability in multiple products
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences.
network
low complexity
libtom debian CWE-125
critical
 9.1
9.1
2019-10-07 CVE-2019-17042 Improper Input Validation vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog fedoraproject debian opensuse CWE-20
critical
 9.8
9.8
2019-10-07 CVE-2019-17041 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Rsyslog v8.1908.0.
network
low complexity
rsyslog debian fedoraproject opensuse CWE-787
critical
 9.8
9.8
2019-10-07 CVE-2019-17267 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp debian redhat oracle CWE-502
critical
 9.8
9.8
2019-10-04 CVE-2019-17133 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
network
low complexity
linux debian canonical opensuse CWE-120
critical
 9.8
9.8
2019-10-01 CVE-2019-16943 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat oracle netapp CWE-502
critical
 9.8
9.8
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
 9.8
9.8
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
 9.8
9.8