Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-30 CVE-2020-28926 Classic Buffer Overflow vulnerability in multiple products
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution.
network
low complexity
readymedia-project debian CWE-120
critical
 9.8
9.8
2020-11-27 CVE-2020-27745 Classic Buffer Overflow vulnerability in multiple products
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
network
low complexity
schedmd debian CWE-120
critical
 9.8
9.8
2020-11-23 CVE-2020-28984 prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
network
low complexity
spip debian
critical
 9.8
9.8
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
 9.8
9.8
2020-11-10 CVE-2020-25074 Path Traversal vulnerability in multiple products
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request.
network
low complexity
moinmo debian CWE-22
critical
 9.8
9.8
2020-11-06 CVE-2020-25592 Improper Authentication vulnerability in multiple products
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens.
network
low complexity
saltstack debian CWE-287
critical
 9.8
9.8
2020-11-06 CVE-2020-16846 OS Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt through 3002.
network
low complexity
saltstack debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-11-05 CVE-2020-17510 Improper Authentication vulnerability in multiple products
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache debian CWE-287
critical
 9.8
9.8
2020-11-03 CVE-2020-16011 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google opensuse debian CWE-787
critical
 9.6
9.6
2020-11-03 CVE-2020-15999 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google freetype debian fedoraproject opensuse netapp CWE-787
critical
 9.6
9.6