Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-22960

Exploit
  • EPSS 0.18%
  • Published 03.11.2021 20:15:08
  • Last modified 21.11.2024 05:51:01

The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

5.5

CVE-2021-40985

Exploit
  • EPSS 0.1%
  • Published 03.11.2021 17:15:08
  • Last modified 21.11.2024 06:25:11

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.

7.5

CVE-2021-37148

  • EPSS 1.36%
  • Published 03.11.2021 16:15:08
  • Last modified 21.11.2024 06:14:43

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

7.5

CVE-2021-37149

  • EPSS 1.36%
  • Published 03.11.2021 16:15:08
  • Last modified 21.11.2024 06:14:43

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

8.1

CVE-2021-38161

  • EPSS 1.58%
  • Published 03.11.2021 16:15:08
  • Last modified 21.11.2024 06:16:31

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

7.5

CVE-2021-37147

  • EPSS 0.89%
  • Published 03.11.2021 16:15:07
  • Last modified 21.11.2024 06:14:43

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

8.8

CVE-2021-38496

  • EPSS 1.09%
  • Published 03.11.2021 01:15:07
  • Last modified 21.11.2024 06:17:14

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, ...

8.8

CVE-2021-38500

  • EPSS 1.94%
  • Published 03.11.2021 01:15:07
  • Last modified 21.11.2024 06:17:15

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T...

5.9

CVE-2021-38502

  • EPSS 0.46%
  • Published 03.11.2021 01:15:07
  • Last modified 21.11.2024 06:17:15

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen b...

9.6

CVE-2021-37981

  • EPSS 1.62%
  • Published 02.11.2021 22:15:08
  • Last modified 21.11.2024 06:16:11

Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.