Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-15 CVE-2019-9851 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-9850 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
 9.8
9.8
2019-08-15 CVE-2019-11187 Improper Authentication vulnerability in multiple products
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
network
low complexity
gonicus debian CWE-287
critical
 9.8
9.8
2019-08-13 CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications.
network
low complexity
golang debian
critical
 9.8
9.8
2019-08-09 CVE-2019-14234 SQL Injection vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject fedoraproject debian CWE-89
critical
 9.8
9.8
2019-07-31 CVE-2019-14463 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5.
network
low complexity
libmodbus fedoraproject debian CWE-125
critical
 9.1
9.1
2019-07-31 CVE-2019-14462 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5.
network
low complexity
libmodbus fedoraproject debian CWE-125
critical
 9.1
9.1
2019-07-29 CVE-2019-14271 Improper Initialization vulnerability in multiple products
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
network
low complexity
docker debian opensuse CWE-665
critical
 9.8
9.8
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
 9.8
9.8
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
 9.8
9.8