Vulnerabilities > Debian > Debian Linux > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-08 | CVE-2021-21108 | Use After Free vulnerability in multiple products Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-01-08 | CVE-2021-21109 | Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-01-08 | CVE-2021-21110 | Use After Free vulnerability in multiple products Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-01-08 | CVE-2021-21111 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2021-01-08 | CVE-2021-21115 | Use After Free vulnerability in multiple products User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2020-12-31 | CVE-2020-12658 | Improper Locking vulnerability in multiple products gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. | 9.8 |
2020-12-11 | CVE-2020-7788 | This affects the package ini before 1.3.6. | 9.8 |
2020-12-07 | CVE-2020-29600 | Path Traversal vulnerability in multiple products In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | 9.8 |
2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |