CVE-2021-3598
- EPSS 0.03%
- Published 06.07.2021 15:15:07
- Last modified 21.11.2024 06:21:56
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw ...
CVE-2021-35197
- EPSS 0.73%
- Published 02.07.2021 13:15:07
- Last modified 21.11.2024 06:12:01
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API...
CVE-2021-3630
- EPSS 0.11%
- Published 30.06.2021 14:15:08
- Last modified 21.11.2024 06:22:01
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file, which may lead to a crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
CVE-2021-32566
- EPSS 6%
- Published 30.06.2021 08:15:06
- Last modified 21.11.2024 06:07:16
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DoS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-32567
- EPSS 6%
- Published 30.06.2021 08:15:06
- Last modified 21.11.2024 06:07:17
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DoS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-35474
- EPSS 9.21%
- Published 30.06.2021 08:15:06
- Last modified 21.11.2024 06:12:20
Stack-based Buffer Overflow vulnerability in the cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-27577
- EPSS 0.68%
- Published 29.06.2021 12:15:08
- Last modified 21.11.2024 05:58:13
Incorrect handling of URL fragments in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-32565
- EPSS 5.68%
- Published 29.06.2021 12:15:08
- Last modified 21.11.2024 06:07:16
Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
CVE-2021-33515
- EPSS 3.63%
- Published 28.06.2021 13:15:20
- Last modified 21.11.2024 06:08:59
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVE-2021-3500
- EPSS 0.29%
- Published 24.06.2021 19:15:09
- Last modified 21.11.2024 06:21:41
A flaw was found in djvulibre-3.5.28 and earlier. A stack overflow in the function DJVU::DjVuDocument::get_djvu_file() via a crafted djvu file may lead to an application crash and other consequences.