Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2019-9215 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
network
low complexity
live555 opensuse debian
critical
9.8
2019-02-22 CVE-2019-9023 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-125
critical
9.8
2019-02-22 CVE-2019-9021 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-125
critical
9.8
2019-02-22 CVE-2019-9020 Use After Free vulnerability in multiple products
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
network
low complexity
php debian canonical netapp opensuse CWE-416
critical
9.8
2019-02-20 CVE-2019-7164 SQL Injection vulnerability in multiple products
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
network
low complexity
sqlalchemy debian opensuse redhat oracle CWE-89
critical
9.8
2019-02-19 CVE-2019-5759 Use After Free vulnerability in multiple products
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-416
critical
9.6
2019-02-09 CVE-2019-7653 Uncontrolled Search Path Element vulnerability in multiple products
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot.
network
low complexity
rdflib-project debian canonical CWE-427
critical
9.8
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
9.8
2019-02-06 CVE-2019-3464 Improper Initialization vulnerability in multiple products
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-665
critical
9.8