Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-16378 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
network
low complexity
trusteddomain debian fedoraproject canonical CWE-290
critical
 9.8
9.8
2019-09-17 CVE-2019-16239 Classic Buffer Overflow vulnerability in multiple products
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
network
low complexity
infradead fedoraproject debian canonical opensuse CWE-120
critical
 9.8
9.8
2019-09-16 CVE-2019-5482 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
network
low complexity
haxx fedoraproject opensuse netapp oracle debian CWE-787
critical
 9.8
9.8
2019-09-16 CVE-2019-5481 Double Free vulnerability in multiple products
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
network
low complexity
haxx fedoraproject netapp oracle debian opensuse CWE-415
critical
 9.8
9.8
2019-09-15 CVE-2019-16335 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml fedoraproject debian netapp redhat oracle CWE-502
critical
 9.8
9.8
2019-09-15 CVE-2019-14540 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10.
network
low complexity
fasterxml netapp fedoraproject debian redhat oracle CWE-502
critical
 9.8
9.8
2019-09-06 CVE-2019-14813 Incorrect Authorization vulnerability in multiple products
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex redhat fedoraproject opensuse debian CWE-863
critical
 9.8
9.8
2019-09-06 CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network
low complexity
exim debian
critical
 9.8
9.8
2019-09-04 CVE-2019-15926 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.2.3.
network
low complexity
linux debian canonical CWE-125
critical
 9.1
9.1
2019-09-03 CVE-2019-10197 Path Traversal vulnerability in multiple products
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
network
low complexity
samba debian canonical CWE-22
critical
 9.1
9.1