Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-33285

  • EPSS 0.09%
  • Published 07.09.2021 14:15:11
  • Last modified 21.11.2024 06:08:38

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out...

7.8

CVE-2021-33289

  • EPSS 0.18%
  • Published 07.09.2021 14:15:11
  • Last modified 21.11.2024 06:08:39

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.

7.8

CVE-2021-35268

  • EPSS 0.18%
  • Published 07.09.2021 14:15:11
  • Last modified 21.11.2024 06:12:10

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.8

CVE-2021-35269

  • EPSS 0.06%
  • Published 07.09.2021 14:15:11
  • Last modified 21.11.2024 06:12:10

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

7.5

CVE-2021-40516

  • EPSS 0.98%
  • Published 05.09.2021 18:15:07
  • Last modified 21.11.2024 06:24:17

WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.

6.1

CVE-2021-39191

Exploit
  • EPSS 0.39%
  • Published 03.09.2021 14:15:07
  • Last modified 21.11.2024 06:18:50

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO...

6.5

CVE-2021-40491

  • EPSS 0.3%
  • Published 03.09.2021 02:15:06
  • Last modified 21.11.2024 06:24:14

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.

7

CVE-2021-40490

  • EPSS 0.04%
  • Published 03.09.2021 01:15:07
  • Last modified 21.11.2024 06:24:14

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

9.3

CVE-2021-39847

  • EPSS 0.42%
  • Published 01.09.2021 15:15:12
  • Last modified 21.11.2024 06:20:22

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must...

2.1

CVE-2021-36057

  • EPSS 0.05%
  • Published 01.09.2021 15:15:11
  • Last modified 21.11.2024 06:13:02

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local a...