Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-15 | CVE-2019-9851 | Improper Input Validation vulnerability in multiple products LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. | 9.8 |
2019-08-15 | CVE-2019-9850 | Improper Input Validation vulnerability in multiple products LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. | 9.8 |
2019-08-15 | CVE-2019-11187 | Improper Authentication vulnerability in multiple products Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | 9.8 |
2019-08-13 | CVE-2019-14809 | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. | 9.8 |
2019-08-09 | CVE-2019-14234 | SQL Injection vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. | 9.8 |
2019-07-31 | CVE-2019-14463 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. | 9.1 |
2019-07-31 | CVE-2019-14462 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. | 9.1 |
2019-07-29 | CVE-2019-14271 | Improper Initialization vulnerability in multiple products In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | 9.8 |
2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | 9.8 |
2019-07-25 | CVE-2019-13917 | Data Processing Errors vulnerability in multiple products Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | 9.8 |