Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-12 CVE-2020-8159 Path Traversal vulnerability in multiple products
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
network
low complexity
rubyonrails debian CWE-22
critical
 9.8
9.8
2020-04-28 CVE-2020-12284 Out-of-bounds Write vulnerability in multiple products
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
network
low complexity
ffmpeg canonical debian CWE-787
critical
 10.0
10
2020-04-27 CVE-2020-12278 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8
2020-04-27 CVE-2020-12279 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8
2020-04-27 CVE-2019-18823 Improper Authentication vulnerability in multiple products
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control.
network
low complexity
wisc fedoraproject debian CWE-287
critical
 9.8
9.8
2020-04-23 CVE-2020-11945 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Squid before 5.0.2.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-190
critical
 9.8
9.8
2020-03-25 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
apache debian
critical
 9.8
9.8