Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2020-26116

Exploit
  • EPSS 0.53%
  • Veröffentlicht 27.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:19:16

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar...

8.1

CVE-2020-26117

  • EPSS 0.94%
  • Veröffentlicht 27.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:19:16

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client...

3.2

CVE-2020-25084

  • EPSS 0.03%
  • Veröffentlicht 25.09.2020 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:13

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

5

CVE-2020-25085

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.09.2020 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:13

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

5.3

CVE-2020-25625

  • EPSS 0.07%
  • Veröffentlicht 25.09.2020 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:16

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

5.5

CVE-2020-26088

  • EPSS 0.01%
  • Veröffentlicht 24.09.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:19:12

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

5.5

CVE-2020-25596

  • EPSS 0.09%
  • Veröffentlicht 23.09.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:11

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault,...

7

CVE-2020-25599

  • EPSS 0.07%
  • Veröffentlicht 23.09.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal as...

5.5

CVE-2020-25600

  • EPSS 0.1%
  • Veröffentlicht 23.09.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bi...

5.5

CVE-2020-25601

  • EPSS 0.08%
  • Veröffentlicht 23.09.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of the...