Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-27 | CVE-2019-25042 | Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. | 9.8 |
2021-04-27 | CVE-2019-25033 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. | 9.8 |
2021-04-27 | CVE-2019-25038 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. | 9.8 |
2021-04-27 | CVE-2019-25035 | Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. | 9.8 |
2021-04-26 | CVE-2021-21226 | Use After Free vulnerability in multiple products Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-04-26 | CVE-2021-21201 | Use After Free vulnerability in multiple products Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-04-26 | CVE-2021-21223 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-04-06 | CVE-2021-30164 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | 9.8 |
2021-04-05 | CVE-2021-20308 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. | 9.8 |
2021-04-05 | CVE-2021-20307 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | 9.8 |