Vulnerabilities > Debian > Debian Linux > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2020-12-31 | CVE-2020-12658 | Improper Locking vulnerability in multiple products | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. | network | low complexity | gssproxy-project, debian | CWE-667 | critical | 9.8 |
| 2020-12-21 | CVE-2020-35605 | | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | network | low complexity | kitty-project, debian | | critical | 9.8 |
| 2020-12-11 | CVE-2020-7788 | | This affects the package ini before 1.3.6. | network | low complexity | ini-project, debian | | critical | 9.8 |
| 2020-12-07 | CVE-2020-29600 | Path Traversal vulnerability in multiple products | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | network | low complexity | awstats, debian, fedoraproject | CWE-22 | critical | 9.8 |
| 2020-11-30 | CVE-2020-28926 | Classic Buffer Overflow vulnerability in multiple products | ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. | network | low complexity | readymedia-project, debian | CWE-120 | critical | 9.8 |
| 2020-11-27 | CVE-2020-27745 | Classic Buffer Overflow vulnerability in multiple products | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | network | low complexity | schedmd, debian | CWE-120 | critical | 9.8 |
| 2020-11-23 | CVE-2020-28984 | | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | network | low complexity | spip, debian | | critical | 9.8 |
| 2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | network | low complexity | influxdata, debian | CWE-287 | critical | 9.8 |
| 2020-11-10 | CVE-2020-25074 | Path Traversal vulnerability in multiple products | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. | network | low complexity | moinmo, debian | CWE-22 | critical | 9.8 |
| 2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products | An issue was discovered in SaltStack Salt through 3002. | network | low complexity | saltstack, debian, fedoraproject | CWE-78 | critical | 9.8 |