Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-09-12 CVE-2018-16947 Improper Authentication vulnerability in multiple products
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2.
network
low complexity
openafs debian CWE-287
critical
 9.8
9.8
2018-09-07 CVE-2018-16657 NULL Pointer Dereference vulnerability in multiple products
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio.
network
low complexity
debian kamailio CWE-476
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 9.8
9.8
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
 9.8
9.8
2018-08-28 CVE-2017-15398 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
network
low complexity
google redhat debian CWE-119
critical
 9.8
9.8
2018-08-26 CVE-2011-2767 Code Injection vulnerability in multiple products
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
network
low complexity
apache debian redhat canonical CWE-94
critical
 9.8
9.8
2018-08-24 CVE-2018-14600 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical CWE-787
critical
 9.8
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-08-18 CVE-2018-15494 Improper Encoding or Escaping of Output vulnerability in multiple products
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
network
low complexity
dojotoolkit debian CWE-116
critical
 9.8
9.8
2018-08-01 CVE-2015-9262 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
network
low complexity
debian canonical x redhat CWE-119
critical
 9.8
9.8