Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2019-3463 Argument Injection or Modification vulnerability in multiple products
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-88
critical
9.8
2019-02-05 CVE-2018-18505 Improper Authentication vulnerability in multiple products
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation.
network
low complexity
mozilla canonical debian redhat CWE-287
critical
10.0
2019-02-05 CVE-2018-18501 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4.
network
low complexity
mozilla canonical debian redhat CWE-119
critical
9.8
2019-02-05 CVE-2018-18500 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements.
network
low complexity
mozilla canonical debian redhat CWE-416
critical
9.8
2019-02-05 CVE-2018-8800 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
9.8
2019-02-05 CVE-2018-8797 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
9.8
2019-02-05 CVE-2018-8795 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
9.8
2019-02-05 CVE-2018-8794 Integer Overflow or Wraparound vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-190
critical
9.8
2019-02-05 CVE-2018-8793 Out-of-bounds Write vulnerability in multiple products
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
network
low complexity
rdesktop debian opensuse CWE-787
critical
9.8
2019-02-05 CVE-2018-4056 SQL Injection vulnerability in multiple products
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9.
network
low complexity
coturn-project debian CWE-89
critical
9.8