Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-27 CVE-2019-25042 Out-of-bounds Write vulnerability in multiple products
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
network
low complexity
nlnetlabs debian CWE-787
critical
 9.8
9.8
2021-04-27 CVE-2019-25033 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
network
low complexity
nlnetlabs debian CWE-190
critical
 9.8
9.8
2021-04-27 CVE-2019-25038 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
network
low complexity
nlnetlabs debian CWE-190
critical
 9.8
9.8
2021-04-27 CVE-2019-25035 Out-of-bounds Write vulnerability in multiple products
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
network
low complexity
nlnetlabs debian CWE-787
critical
 9.8
9.8
2021-04-26 CVE-2021-21226 Use After Free vulnerability in multiple products
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6
2021-04-26 CVE-2021-21201 Use After Free vulnerability in multiple products
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6
2021-04-26 CVE-2021-21223 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-190
critical
 9.6
9.6
2021-04-06 CVE-2021-30164 Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
network
low complexity
redmine debian
critical
 9.8
9.8
2021-04-05 CVE-2021-20308 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
network
low complexity
htmldoc-project debian CWE-190
critical
 9.8
9.8
2021-04-05 CVE-2021-20307 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
network
low complexity
libpano13-project fedoraproject debian CWE-134
critical
 9.8
9.8