Vulnerabilities > Debian > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2021-01-08 | CVE-2021-21108 | Use After Free vulnerability in multiple products | Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | network | low complexity | google fedoraproject debian | CWE-416 | critical | 9.6 |
| 2021-01-08 | CVE-2021-21107 | Use After Free vulnerability in multiple products | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | network | low complexity | google fedoraproject debian | CWE-416 | critical | 9.6 |
| 2021-01-08 | CVE-2021-21106 | Use After Free vulnerability in multiple products | Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | network | low complexity | google fedoraproject debian | CWE-416 | critical | 9.6 |
| 2020-12-31 | CVE-2020-12658 | Improper Locking vulnerability in multiple products | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. | network | low complexity | gssproxy-project debian | CWE-667 | critical | 9.8 |
| 2020-12-21 | CVE-2020-35605 | | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | network | low complexity | kitty-project debian | | critical | 9.8 |
| 2020-12-11 | CVE-2020-7788 | | This affects the package ini before 1.3.6. | network | low complexity | ini-project debian | | critical | 9.8 |
| 2020-12-07 | CVE-2020-29600 | Path Traversal vulnerability in multiple products | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | network | low complexity | awstats debian fedoraproject | CWE-22 | critical | 9.8 |
| 2020-11-30 | CVE-2020-28926 | Classic Buffer Overflow vulnerability in multiple products | ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. | network | low complexity | readymedia-project debian | CWE-120 | critical | 9.8 |
| 2020-11-27 | CVE-2020-27745 | Classic Buffer Overflow vulnerability in multiple products | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | network | low complexity | schedmd debian | CWE-120 | critical | 9.8 |
| 2020-11-23 | CVE-2020-28984 | | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | network | low complexity | spip debian | | critical | 9.8 |