Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-27 | CVE-2020-27745 | Classic Buffer Overflow vulnerability in multiple products Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 9.8 |
| 2020-11-23 | CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. | 9.8 |
| 2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
| 2020-11-10 | CVE-2020-25074 | Path Traversal vulnerability in multiple products The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. | 9.8 |
| 2020-11-06 | CVE-2020-25592 | Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. | 9.8 |
| 2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |
| 2020-11-05 | CVE-2020-17510 | Improper Authentication vulnerability in multiple products Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
| 2020-11-03 | CVE-2020-16011 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2020-11-02 | CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 9.1 |
| 2020-11-02 | CVE-2020-28037 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | 9.8 |