Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-02 CVE-2021-1871 A logic issue was addressed with improved restrictions.
network
low complexity
apple debian fedoraproject
critical
9.8
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
9.8
2021-03-23 CVE-2021-21351 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
9.1
2021-03-23 CVE-2021-21350 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
9.8
2021-03-23 CVE-2021-21347 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
9.8
2021-03-23 CVE-2021-21346 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
9.8
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
9.9
2021-03-23 CVE-2021-21344 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-434
critical
9.8
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-502
critical
9.1
2021-03-19 CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
network
low complexity
kramdown-project fedoraproject debian
critical
9.8