Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-15227 Code Injection vulnerability in multiple products
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE.
network
low complexity
nette debian CWE-94
critical
 9.8
9.8
2020-09-30 CVE-2020-26154 Classic Buffer Overflow vulnerability in multiple products
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
network
low complexity
libproxy-project fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-15961 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-14 CVE-2020-24660 Forced Browsing vulnerability in multiple products
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used.
network
low complexity
lemonldap-ng debian CWE-425
critical
 9.8
9.8
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
 9.8
9.8
2020-09-09 CVE-2020-24379 XXE vulnerability in multiple products
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
network
low complexity
yaws debian canonical CWE-611
critical
 9.8
9.8
2020-08-16 CVE-2020-24361 Improper Check for Dropped Privileges vulnerability in multiple products
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
network
low complexity
snmptt debian CWE-273
critical
 9.8
9.8
2020-08-12 CVE-2020-17446 Access of Uninitialized Pointer vulnerability in multiple products
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder.
network
low complexity
magic debian CWE-824
critical
 9.8
9.8