Debian

Debian Linux

9144 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.79%
  • Published 28.04.2021 07:15:07
  • Last modified 21.11.2024 06:06:22

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

  • EPSS 0.22%
  • Published 28.04.2021 07:15:07
  • Last modified 21.11.2024 06:06:22

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.

  • EPSS 0.39%
  • Published 28.04.2021 07:15:07
  • Last modified 21.11.2024 06:06:23

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.

  • EPSS 0.44%
  • Published 28.04.2021 07:15:07
  • Last modified 21.11.2024 06:06:23

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

Exploit
  • EPSS 3.3%
  • Published 27.04.2021 21:15:08
  • Last modified 21.11.2024 06:01:11

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercuria...

  • EPSS 0.8%
  • Published 27.04.2021 06:15:07
  • Last modified 21.11.2024 04:39:46

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_u...

  • EPSS 0.18%
  • Published 27.04.2021 06:15:07
  • Last modified 21.11.2024 04:39:47

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally ex...

  • EPSS 0.24%
  • Published 27.04.2021 06:15:07
  • Last modified 21.11.2024 04:39:47

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locall...

  • EPSS 0.73%
  • Published 27.04.2021 06:15:07
  • Last modified 21.11.2024 04:39:47

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot ...

  • EPSS 0.73%
  • Published 27.04.2021 06:15:07
  • Last modified 21.11.2024 04:39:47

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited