Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-19 | CVE-2020-14409 | Integer Overflow or Wraparound vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. | 7.8 |
2021-01-19 | CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. | 8.1 |
2021-01-18 | CVE-2020-36193 | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |
2021-01-14 | CVE-2021-21261 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 8.8 |
2021-01-14 | CVE-2020-16119 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | 7.8 |
2021-01-13 | CVE-2020-28374 | Path Traversal vulnerability in multiple products In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | 8.1 |
2021-01-12 | CVE-2020-35459 | OS Command Injection vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.8 |
2021-01-12 | CVE-2020-35653 | Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 7.1 |
2021-01-08 | CVE-2021-21116 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2021-21114 | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |