Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6457 Use After Free vulnerability in multiple products
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-416
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-12 CVE-2020-8159 Path Traversal vulnerability in multiple products
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
network
low complexity
rubyonrails debian CWE-22
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8
2020-04-28 CVE-2020-12284 Out-of-bounds Write vulnerability in multiple products
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
network
low complexity
ffmpeg canonical debian CWE-787
critical
 9.8
9.8
2020-04-27 CVE-2020-12279 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8
2020-04-27 CVE-2020-12278 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8
2020-04-27 CVE-2019-18823 Improper Authentication vulnerability in multiple products
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control.
network
low complexity
wisc fedoraproject debian CWE-287
critical
 9.8
9.8
2020-04-27 CVE-2020-12268 Out-of-bounds Write vulnerability in multiple products
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
network
low complexity
artifex debian opensuse CWE-787
critical
 9.8
9.8
2020-04-23 CVE-2019-20788 Integer Overflow or Wraparound vulnerability in multiple products
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value.
network
low complexity
libvnc-project canonical debian siemens CWE-190
critical
 9.8
9.8