Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-13 | CVE-2020-28374 | Path Traversal vulnerability in multiple products In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | 8.1 |
2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.2 |
2021-01-12 | CVE-2020-35653 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 7.1 |
2021-01-11 | CVE-2021-0308 | Out-of-bounds Write vulnerability in multiple products In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
2021-01-08 | CVE-2021-21116 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2021-21114 | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2021-21113 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2021-21112 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2020-16043 | Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. | 8.8 |
2021-01-08 | CVE-2020-26664 | Out-of-bounds Write vulnerability in multiple products A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | 7.8 |