Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-03 | CVE-2020-15967 | Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |
2020-11-02 | CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | 7.5 |
2020-11-02 | CVE-2020-28030 | Infinite Loop vulnerability in multiple products In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. | 7.5 |
2020-10-27 | CVE-2020-15238 | Argument Injection or Modification vulnerability in multiple products Blueman is a GTK+ Bluetooth Manager. | 7.0 |
2020-10-23 | CVE-2020-27216 | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. | 7.0 |
2020-10-22 | CVE-2020-27672 | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 7.0 |
2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |
2020-10-22 | CVE-2020-27670 | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 7.8 |
2020-10-22 | CVE-2020-27638 | Reachable Assertion vulnerability in multiple products receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | 7.5 |
2020-10-16 | CVE-2020-9951 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 8.8 |