Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-28032 Deserialization of Untrusted Data vulnerability in multiple products
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
network
low complexity
wordpress fedoraproject debian CWE-502
critical
 9.8
9.8
2020-10-22 CVE-2020-15683 Use After Free vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.
network
low complexity
mozilla debian opensuse CWE-416
critical
 9.8
9.8
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
network
low complexity
zabbix opensuse debian
critical
 9.8
9.8
2020-10-01 CVE-2020-15227 Code Injection vulnerability in multiple products
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE.
network
low complexity
nette debian CWE-94
critical
 9.8
9.8
2020-09-30 CVE-2020-26154 Classic Buffer Overflow vulnerability in multiple products
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
network
low complexity
libproxy-project fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-15961 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-14 CVE-2020-24660 Forced Browsing vulnerability in multiple products
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used.
network
low complexity
lemonldap-ng debian CWE-425
critical
 9.8
9.8