Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-09-09 CVE-2020-24379 XXE vulnerability in multiple products
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
network
low complexity
yaws debian canonical CWE-611
critical
 9.8
9.8
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
 9.8
9.8
2020-08-16 CVE-2020-24361 Improper Check for Dropped Privileges vulnerability in multiple products
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
network
low complexity
snmptt debian CWE-273
critical
 9.8
9.8
2020-08-12 CVE-2020-17446 Access of Uninitialized Pointer vulnerability in multiple products
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
network
low complexity
magic debian CWE-824
critical
 9.8
9.8
2020-08-11 CVE-2020-17368 OS Command Injection vulnerability in multiple products
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
network
low complexity
firejail-project debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-08-05 CVE-2020-17353 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
network
low complexity
lilypond fedoraproject debian opensuse
critical
 9.8
9.8
2020-07-27 CVE-2020-12460 Out-of-bounds Write vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report.
network
low complexity
trusteddomain fedoraproject debian CWE-787
critical
 9.8
9.8