Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-03-15 CVE-2018-20180 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian CWE-191
critical
9.8
2019-03-15 CVE-2018-20177 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
9.8
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
critical
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-03-08 CVE-2019-9631 Out-of-bounds Read vulnerability in multiple products
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
network
low complexity
freedesktop fedoraproject debian CWE-125
critical
9.8
2019-02-28 CVE-2018-18498 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value.
network
low complexity
mozilla debian canonical redhat CWE-190
critical
9.8
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-18492 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
critical
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
9.8