Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
 9.9
9.9
2021-03-23 CVE-2021-21344 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-502
critical
 9.1
9.1
2021-03-19 CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
network
low complexity
kramdown-project fedoraproject debian
critical
 9.8
9.8
2021-03-19 CVE-2021-27928 Code Injection vulnerability in multiple products
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL.
network
low complexity
mariadb percona galeracluster debian CWE-94
critical
 9.0
9.0
2021-03-04 CVE-2020-35636 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read.
network
low complexity
cgal debian CWE-129
critical
 9.8
9.8
2021-03-04 CVE-2020-35628 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-03-04 CVE-2020-28636 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-03-04 CVE-2020-28601 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-74
critical
 9.8
9.8