Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-02-22 CVE-2021-26120 Code Injection vulnerability in multiple products
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
network
low complexity
smarty debian CWE-94
critical
9.8
2021-02-10 CVE-2021-27135 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
network
low complexity
invisible-island debian fedoraproject
critical
9.8
2021-02-10 CVE-2020-36244 Out-of-bounds Write vulnerability in multiple products
The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
network
low complexity
genivi debian CWE-787
critical
9.8
2021-02-09 CVE-2021-26937 Argument Injection or Modification vulnerability in multiple products
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
network
low complexity
gnu debian fedoraproject CWE-88
critical
9.8
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
9.8
2021-01-14 CVE-2021-23926 XML Entity Expansion vulnerability in multiple products
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input.
network
low complexity
apache netapp debian oracle CWE-776
critical
9.1
2021-01-08 CVE-2021-21115 Use After Free vulnerability in multiple products
User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-01-08 CVE-2021-21111 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject debian CWE-1021
critical
9.6
2021-01-08 CVE-2021-21110 Use After Free vulnerability in multiple products
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6
2021-01-08 CVE-2021-21109 Use After Free vulnerability in multiple products
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
9.6