Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-27 CVE-2019-25039 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
network
low complexity
nlnetlabs debian CWE-190
critical
 9.8
9.8
2021-04-26 CVE-2021-21223 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-190
critical
 9.6
9.6
2021-04-26 CVE-2021-21201 Use After Free vulnerability in multiple products
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6
2021-04-26 CVE-2021-21226 Use After Free vulnerability in multiple products
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6
2021-04-06 CVE-2021-30164 Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
network
low complexity
redmine debian
critical
 9.8
9.8
2021-04-05 CVE-2021-20307 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
network
low complexity
libpano13-project fedoraproject debian CWE-134
critical
 9.8
9.8
2021-04-05 CVE-2021-20308 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
network
low complexity
htmldoc-project debian CWE-190
critical
 9.8
9.8
2021-04-02 CVE-2021-1871 A logic issue was addressed with improved restrictions.
network
low complexity
apple debian fedoraproject
critical
 9.8
9.8
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
 9.8
9.8
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-502
critical
 9.1
9.1