Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-01	CVE-2023-1523	Injection vulnerability in Canonical Snapd Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. network low complexity canonical CWE-74 critical	10.0
2022-01-31	CVE-2021-45079	NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. network low complexity strongswan debian fedoraproject canonical CWE-476 critical	9.1
2020-11-02	CVE-2020-28039	is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. network low complexity wordpress debian canonical critical	9.1
2020-09-09	CVE-2020-24379	XXE vulnerability in multiple products WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. network low complexity yaws debian canonical CWE-611 critical	9.8
2020-09-09	CVE-2020-24916	OS Command Injection vulnerability in multiple products CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. network low complexity yaws debian canonical CWE-78 critical	9.8
2020-08-07	CVE-2020-11984	Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE network low complexity apache netapp canonical debian fedoraproject opensuse oracle CWE-120 critical	9.8
2020-07-28	CVE-2020-15900	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. network low complexity artifex canonical opensuse CWE-191 critical	9.8
2020-07-17	CVE-2020-14001	Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). network low complexity kramdown-project debian fedoraproject canonical CWE-862 critical	9.8
2020-07-14	CVE-2020-13753	Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. network low complexity wpewebkit webkitgtk fedoraproject debian canonical opensuse CWE-20 critical	10.0
2020-06-30	CVE-2017-18922	Out-of-bounds Write vulnerability in multiple products It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. network low complexity libvncserver-project canonical opensuse fedoraproject siemens CWE-787 critical	9.8