Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6465 Use After Free vulnerability in multiple products
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6462 Use After Free vulnerability in multiple products
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6461 Use After Free vulnerability in multiple products
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6457 Use After Free vulnerability in multiple products
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-416
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-12 CVE-2020-8159 Path Traversal vulnerability in multiple products
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
network
low complexity
rubyonrails debian CWE-22
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8
2020-04-28 CVE-2020-12284 Out-of-bounds Write vulnerability in multiple products
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
network
low complexity
ffmpeg canonical debian CWE-787
critical
 9.8
9.8
2020-04-27 CVE-2020-12279 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8
2020-04-27 CVE-2020-12278 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.
network
low complexity
libgit2 debian CWE-706
critical
 9.8
9.8