Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-12 CVE-2020-35459 Improper Privilege Management vulnerability in multiple products
An issue was discovered in ClusterLabs crmsh through 4.2.1.
local
low complexity
clusterlabs debian CWE-269
7.2
2021-01-12 CVE-2020-35653 Out-of-bounds Read vulnerability in multiple products
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
network
low complexity
python fedoraproject debian CWE-125
7.1
2021-01-11 CVE-2021-0308 Out-of-bounds Write vulnerability in multiple products
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check.
local
low complexity
google debian CWE-787
7.2
2021-01-08 CVE-2021-21116 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2021-01-08 CVE-2021-21114 Use After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2021-01-08 CVE-2021-21113 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2021-01-08 CVE-2021-21112 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
2021-01-08 CVE-2020-16043 Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
network
low complexity
google debian fedoraproject
8.8
2021-01-08 CVE-2020-26664 Out-of-bounds Write vulnerability in multiple products
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
local
low complexity
videolan debian CWE-787
7.8
2021-01-08 CVE-2021-1056 Incorrect Default Permissions vulnerability in multiple products
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
local
low complexity
nvidia debian CWE-276
7.1