Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-13224 Use After Free vulnerability in multiple products
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression.
network
low complexity
oniguruma-project php fedoraproject debian canonical CWE-416
critical
9.8
2019-07-03 CVE-2019-7165 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
network
low complexity
dosbox debian fedoraproject CWE-119
critical
9.8
2019-07-02 CVE-2019-12594 DOSBox 0.74-2 has Incorrect Access Control.
network
low complexity
dosbox debian
critical
9.8
2019-06-19 CVE-2019-12900 Out-of-bounds Write vulnerability in multiple products
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
network
low complexity
bzip debian opensuse canonical freebsd python CWE-787
critical
9.8
2019-06-19 CVE-2019-11040 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
network
low complexity
php redhat opensuse debian CWE-125
critical
9.1
2019-06-19 CVE-2019-11039 Integer Overflow or Wraparound vulnerability in multiple products
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers.
network
low complexity
php redhat opensuse debian CWE-190
critical
9.1
2019-06-14 CVE-2019-10126 Heap-based Buffer Overflow vulnerability in multiple products
A flaw was found in the Linux kernel.
network
low complexity
linux redhat canonical debian opensuse netapp CWE-122
critical
9.8
2019-06-07 CVE-2019-10160 Encoding Error vulnerability in multiple products
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.
network
low complexity
python redhat debian opensuse fedoraproject canonical netapp CWE-172
critical
9.8
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in multiple products
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim debian canonical CWE-78
critical
9.8
2019-06-03 CVE-2019-11356 Out-of-bounds Write vulnerability in multiple products
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
network
low complexity
cyrus fedoraproject debian canonical redhat CWE-787
critical
9.8