Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 9.1 |
2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
2021-02-27 | CVE-2021-25282 | Path Traversal vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.1 |
2021-02-27 | CVE-2021-25281 | Improper Authentication vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
2021-02-10 | CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 |
2021-02-10 | CVE-2020-36244 | Out-of-bounds Write vulnerability in multiple products The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | 9.8 |
2021-02-09 | CVE-2021-26937 | Argument Injection or Modification vulnerability in multiple products encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | 9.8 |
2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |