Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in multiple products
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim debian canonical CWE-78
critical
 9.8
9.8
2019-06-03 CVE-2019-11356 Out-of-bounds Write vulnerability in multiple products
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
network
low complexity
cyrus fedoraproject debian canonical redhat CWE-787
critical
 9.8
9.8
2019-05-29 CVE-2019-12450 Incorrect Default Permissions vulnerability in multiple products
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress.
network
low complexity
gnome debian redhat canonical opensuse fedoraproject CWE-276
critical
 9.8
9.8
2019-05-22 CVE-2019-12046 Insufficiently Protected Credentials vulnerability in multiple products
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
network
low complexity
lemonldap-ng debian CWE-522
critical
 9.8
9.8
2019-05-09 CVE-2019-11831 Deserialization of Untrusted Data vulnerability in multiple products
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
network
low complexity
typo3 debian fedoraproject drupal joomla CWE-502
critical
 9.8
9.8
2019-05-05 CVE-2019-11766 Out-of-bounds Read vulnerability in multiple products
dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.
network
low complexity
dhcpcd-project debian CWE-125
critical
 9.8
9.8
2019-05-03 CVE-2019-11036 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php fedoraproject redhat canonical debian opensuse CWE-125
critical
 9.1
9.1
2019-04-30 CVE-2019-11627 OS Command Injection vulnerability in multiple products
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
network
low complexity
signing-party-project debian opensuse CWE-78
critical
 9.8
9.8
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
 9.1
9.1