Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-08 CVE-2021-21111 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject debian CWE-1021
critical
 9.6
9.6
2021-01-08 CVE-2021-21115 Use After Free vulnerability in multiple products
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
 9.6
9.6
2020-12-31 CVE-2020-12658 Improper Locking vulnerability in multiple products
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.
network
low complexity
gssproxy-project debian CWE-667
critical
 9.8
9.8
2020-12-21 CVE-2020-35605 The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
network
low complexity
kitty-project debian
critical
 9.8
9.8
2020-12-11 CVE-2020-7788 This affects the package ini before 1.3.6.
network
low complexity
ini-project debian
critical
 9.8
9.8
2020-12-07 CVE-2020-29600 Path Traversal vulnerability in multiple products
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
network
low complexity
awstats debian fedoraproject CWE-22
critical
 9.8
9.8
2020-11-30 CVE-2020-28926 Classic Buffer Overflow vulnerability in multiple products
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution.
network
low complexity
readymedia-project debian CWE-120
critical
 9.8
9.8
2020-11-27 CVE-2020-27745 Classic Buffer Overflow vulnerability in multiple products
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
network
low complexity
schedmd debian CWE-120
critical
 9.8
9.8
2020-11-23 CVE-2020-28984 prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
network
low complexity
spip debian
critical
 9.8
9.8
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
 9.8
9.8