Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2019-20933 Improper Authentication vulnerability in multiple products
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
network
low complexity
influxdata debian CWE-287
critical
 9.8
9.8
2020-11-10 CVE-2020-25074 Path Traversal vulnerability in multiple products
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request.
network
low complexity
moinmo debian CWE-22
critical
 9.8
9.8
2020-11-06 CVE-2020-25592 Improper Authentication vulnerability in multiple products
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens.
network
low complexity
saltstack debian CWE-287
critical
 9.8
9.8
2020-11-06 CVE-2020-16846 OS Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt through 3002.
network
low complexity
saltstack debian fedoraproject CWE-78
critical
 9.8
9.8
2020-11-05 CVE-2020-17510 Improper Authentication vulnerability in multiple products
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache debian CWE-287
critical
 9.8
9.8
2020-11-03 CVE-2020-16011 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google opensuse debian CWE-787
critical
 9.6
9.6
2020-11-02 CVE-2020-28039 is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
network
low complexity
wordpress debian canonical
critical
 9.1
9.1
2020-11-02 CVE-2020-28037 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
network
low complexity
wordpress fedoraproject debian CWE-754
critical
 9.8
9.8
2020-11-02 CVE-2020-28036 Missing Authorization vulnerability in multiple products
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
network
low complexity
wordpress fedoraproject debian CWE-862
critical
 9.8
9.8
2020-11-02 CVE-2020-28035 WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
network
low complexity
wordpress fedoraproject debian
critical
 9.8
9.8