Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2020-14409 Integer Overflow or Wraparound vulnerability in multiple products
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
7.8
2021-01-19 CVE-2021-20190 A flaw was found in jackson-databind before 2.9.10.7.
network
high complexity
fasterxml netapp apache debian oracle
8.1
2021-01-18 CVE-2020-36193 Link Following vulnerability in multiple products
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
network
low complexity
php fedoraproject debian drupal CWE-59
7.5
2021-01-14 CVE-2021-21261 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian
8.8
2021-01-14 CVE-2020-16119 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.
local
low complexity
linux canonical debian CWE-416
7.8
2021-01-13 CVE-2020-28374 Path Traversal vulnerability in multiple products
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.
network
low complexity
linux fedoraproject debian CWE-22
8.1
2021-01-12 CVE-2020-35459 OS Command Injection vulnerability in multiple products
An issue was discovered in ClusterLabs crmsh through 4.2.1.
local
low complexity
clusterlabs debian CWE-78
7.8
2021-01-12 CVE-2020-35653 Out-of-bounds Read vulnerability in multiple products
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
network
low complexity
python fedoraproject debian CWE-125
7.1
2021-01-08 CVE-2021-21116 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
2021-01-08 CVE-2021-21114 Use After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8