Debian

Debian Linux

9142 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-20299

  • EPSS 0.17%
  • Veröffentlicht 16.03.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:46:18

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

6.5

CVE-2021-20257

  • EPSS 0.1%
  • Veröffentlicht 16.03.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:13

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to cons...

8.8

CVE-2022-27223

  • EPSS 0.5%
  • Veröffentlicht 16.03.2022 00:15:09
  • Zuletzt bearbeitet 21.11.2024 06:55:26

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

7.5

CVE-2022-0778

Warnung
  • EPSS 9.1%
  • Veröffentlicht 15.03.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:22

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...

8.8

CVE-2021-43304

Exploit
  • EPSS 0.15%
  • Veröffentlicht 14.03.2022 23:15:08
  • Zuletzt bearbeitet 25.06.2025 20:49:29

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, cop...

8.8

CVE-2021-43305

Exploit
  • EPSS 0.28%
  • Veröffentlicht 14.03.2022 23:15:08
  • Zuletzt bearbeitet 25.06.2025 20:49:29

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, cop...

8.1

CVE-2021-42387

Exploit
  • EPSS 0.32%
  • Veröffentlicht 14.03.2022 23:15:07
  • Zuletzt bearbeitet 25.06.2025 20:49:29

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in th...

8.1

CVE-2021-42388

Exploit
  • EPSS 0.37%
  • Veröffentlicht 14.03.2022 23:15:07
  • Zuletzt bearbeitet 25.06.2025 20:49:29

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in th...

7.8

CVE-2022-0943

Exploit
  • EPSS 0.05%
  • Veröffentlicht 14.03.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:39:42

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

7.8

CVE-2022-20001

  • EPSS 0.64%
  • Veröffentlicht 14.03.2022 19:15:11
  • Zuletzt bearbeitet 21.11.2024 06:41:55

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When us...