Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
 9.8
9.8
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
 9.8
9.8
2019-07-25 CVE-2019-1010174 Command Injection vulnerability in multiple products
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection.
network
low complexity
cimg debian CWE-77
critical
 9.8
9.8
2019-07-23 CVE-2019-11709 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7.
network
low complexity
mozilla opensuse suse debian CWE-787
critical
 9.8
9.8
2019-07-19 CVE-2019-12815 Improper Handling of Exceptional Conditions vulnerability in multiple products
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
network
low complexity
proftpd fedoraproject debian siemens CWE-755
critical
 9.8
9.8
2019-07-19 CVE-2019-1010238 Out-of-bounds Write vulnerability in multiple products
Gnome Pango 1.42 and later is affected by: Buffer Overflow.
network
low complexity
gnome oracle fedoraproject debian canonical redhat CWE-787
critical
 9.8
9.8
2019-07-18 CVE-2019-13962 Out-of-bounds Read vulnerability in multiple products
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
network
low complexity
videolan opensuse debian canonical CWE-125
critical
 9.8
9.8
2019-07-17 CVE-2019-9848 Code Injection vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc.
network
low complexity
libreoffice canonical fedoraproject debian opensuse CWE-94
critical
 9.8
9.8
2019-07-11 CVE-2019-12525 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-787
critical
 9.8
9.8
2019-07-11 CVE-2019-12838 SQL Injection vulnerability in multiple products
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
network
low complexity
schedmd debian fedoraproject opensuse CWE-89
critical
 9.8
9.8