Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
| 2021-01-14 | CVE-2020-16119 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | 7.8 |
| 2021-01-13 | CVE-2020-28374 | Path Traversal vulnerability in multiple products In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | 8.1 |
| 2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.2 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |
| 2021-01-12 | CVE-2020-35653 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 7.1 |
| 2021-01-11 | CVE-2021-0308 | Out-of-bounds Write vulnerability in multiple products In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
| 2021-01-11 | CVE-2020-26298 | Injection vulnerability in multiple products Redcarpet is a Ruby library for Markdown processing. | 5.4 |
| 2021-01-08 | CVE-2021-21116 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-01-08 | CVE-2021-21115 | Use After Free vulnerability in multiple products User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |