Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-7314 Use After Free vulnerability in multiple products
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
network
low complexity
live555 debian CWE-416
critical
9.8
2019-01-30 CVE-2018-20750 Out-of-bounds Write vulnerability in multiple products
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c.
network
low complexity
libvnc-project canonical debian siemens CWE-787
critical
9.8
2019-01-30 CVE-2018-20749 Out-of-bounds Write vulnerability in multiple products
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c.
network
low complexity
libvnc-project canonical debian siemens CWE-787
critical
9.8
2019-01-30 CVE-2018-20748 Out-of-bounds Write vulnerability in multiple products
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c.
network
low complexity
libvnc-project debian canonical siemens CWE-787
critical
9.8
2019-01-28 CVE-2019-6978 Double Free vulnerability in multiple products
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
network
low complexity
libgd debian canonical CWE-415
critical
9.8
2019-01-22 CVE-2019-6339 Improper Input Validation vulnerability in multiple products
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI.
network
low complexity
drupal debian CWE-20
critical
9.8
2019-01-16 CVE-2018-20721 Out-of-bounds Read vulnerability in multiple products
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
network
low complexity
uriparser-project debian CWE-125
critical
9.8
2019-01-14 CVE-2019-6256 Improper Handling of Exceptional Conditions vulnerability in multiple products
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93.
network
low complexity
live555 debian CWE-755
critical
9.8
2019-01-09 CVE-2018-6127 Use After Free vulnerability in multiple products
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
critical
9.6
2019-01-09 CVE-2018-16068 Improper Input Validation vulnerability in multiple products
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
critical
9.6