Debian

Debian Linux

9202 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Warning Exploit
  • EPSS 94.11%
  • Published 28.10.2019 15:15:13
  • Last modified 03.11.2025 19:23:46

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p...

Exploit
  • EPSS 2.34%
  • Published 24.10.2019 22:15:10
  • Last modified 21.11.2024 04:32:36

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

  • EPSS 5.33%
  • Published 24.10.2019 14:15:11
  • Last modified 21.11.2024 04:33:12

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

  • EPSS 1.75%
  • Published 23.10.2019 15:15:14
  • Last modified 21.11.2024 04:32:57

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directio...

  • EPSS 2.08%
  • Published 22.10.2019 21:15:10
  • Last modified 21.11.2024 04:29:04

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Exploit
  • EPSS 2.03%
  • Published 21.10.2019 22:15:10
  • Last modified 21.11.2024 04:32:22

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be ...

Exploit
  • EPSS 0.23%
  • Published 21.10.2019 05:15:10
  • Last modified 21.11.2024 04:32:51

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

  • EPSS 3.01%
  • Published 18.10.2019 21:15:10
  • Last modified 21.11.2024 04:32:48

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be...

Exploit
  • EPSS 86.13%
  • Published 17.10.2019 18:15:12
  • Last modified 21.11.2024 04:26:22

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r...

  • EPSS 6.27%
  • Published 17.10.2019 13:15:11
  • Last modified 21.11.2024 04:32:45

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.