Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
| 2021-02-10 | CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 |
| 2021-02-10 | CVE-2020-36244 | Out-of-bounds Write vulnerability in multiple products The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | 9.8 |
| 2021-02-09 | CVE-2021-26937 | Argument Injection or Modification vulnerability in multiple products encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | 9.8 |
| 2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |
| 2021-01-08 | CVE-2021-21115 | Use After Free vulnerability in multiple products User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-01-08 | CVE-2021-21111 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
| 2021-01-08 | CVE-2021-21110 | Use After Free vulnerability in multiple products Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-01-08 | CVE-2021-21109 | Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |