Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
 9.8
9.8
2020-09-09 CVE-2020-24379 XXE vulnerability in multiple products
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
network
low complexity
yaws debian canonical CWE-611
critical
 9.8
9.8
2020-08-16 CVE-2020-24361 Improper Check for Dropped Privileges vulnerability in multiple products
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
network
low complexity
snmptt debian CWE-273
critical
 9.8
9.8
2020-08-12 CVE-2020-17446 Access of Uninitialized Pointer vulnerability in multiple products
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
network
low complexity
magic debian CWE-824
critical
 9.8
9.8
2020-08-11 CVE-2020-17368 OS Command Injection vulnerability in multiple products
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
network
low complexity
firejail-project debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-08-05 CVE-2020-17353 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
network
low complexity
lilypond fedoraproject debian opensuse
critical
 9.8
9.8
2020-07-27 CVE-2020-12460 Out-of-bounds Write vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report.
network
low complexity
trusteddomain fedoraproject debian CWE-787
critical
 9.8
9.8
2020-07-22 CVE-2020-6522 Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject
critical
 9.6
9.6
2020-07-21 CVE-2020-15866 Out-of-bounds Write vulnerability in multiple products
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling.
network
low complexity
mruby debian CWE-787
critical
 9.8
9.8