Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-35459

Exploit
  • EPSS 0.05%
  • Published 12.01.2021 15:15:13
  • Last modified 21.11.2024 05:27:19

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privi...

2.5

CVE-2021-23239

Exploit
  • EPSS 0.05%
  • Published 12.01.2021 09:15:14
  • Last modified 21.11.2024 05:51:25

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

7.1

CVE-2020-35653

  • EPSS 0.5%
  • Published 12.01.2021 09:15:13
  • Last modified 21.11.2024 05:27:46

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

7.2

CVE-2021-0308

  • EPSS 0.07%
  • Published 11.01.2021 22:15:13
  • Last modified 21.11.2024 05:42:28

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

5.4

CVE-2020-26298

  • EPSS 0.33%
  • Published 11.01.2021 19:15:13
  • Last modified 21.11.2024 05:19:47

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quot...

9.6

CVE-2021-21109

  • EPSS 1.31%
  • Published 08.01.2021 19:15:15
  • Last modified 21.11.2024 05:47:35

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6

CVE-2021-21110

  • EPSS 23.07%
  • Published 08.01.2021 19:15:15
  • Last modified 21.11.2024 05:47:35

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.6

CVE-2021-21111

  • EPSS 0.45%
  • Published 08.01.2021 19:15:15
  • Last modified 21.11.2024 05:47:35

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

8.8

CVE-2021-21112

  • EPSS 1.73%
  • Published 08.01.2021 19:15:15
  • Last modified 21.11.2024 05:47:35

Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-21113

  • EPSS 1.52%
  • Published 08.01.2021 19:15:15
  • Last modified 21.11.2024 05:47:35

Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.