Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-27 | CVE-2020-26117 | Improper Certificate Validation vulnerability in multiple products In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. | 8.1 |
2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |
2020-09-23 | CVE-2020-25603 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-23 | CVE-2020-25599 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.0 |
2020-09-23 | CVE-2020-25595 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |
2020-09-21 | CVE-2020-6559 | Use After Free vulnerability in multiple products Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-09-21 | CVE-2020-6555 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 7.6 |
2020-09-21 | CVE-2020-6554 | Use After Free vulnerability in multiple products Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | 8.6 |
2020-09-21 | CVE-2020-6553 | Use After Free vulnerability in multiple products Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-09-21 | CVE-2020-6552 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |