Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-27 CVE-2020-26117 Improper Certificate Validation vulnerability in multiple products
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions.
network
low complexity
tigervnc debian opensuse CWE-295
8.1
2020-09-27 CVE-2020-26116 Injection vulnerability in multiple products
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
7.2
2020-09-23 CVE-2020-25603 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-670
7.8
2020-09-23 CVE-2020-25599 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject opensuse debian CWE-362
7.0
2020-09-23 CVE-2020-25595 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-269
7.8
2020-09-21 CVE-2020-6559 Use After Free vulnerability in multiple products
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
8.8
2020-09-21 CVE-2020-6555 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-125
7.6
2020-09-21 CVE-2020-6554 Use After Free vulnerability in multiple products
Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
local
low complexity
google debian fedoraproject CWE-416
8.6
2020-09-21 CVE-2020-6553 Use After Free vulnerability in multiple products
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2020-09-21 CVE-2020-6552 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8