Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-29074

  • EPSS 0.42%
  • Published 25.11.2020 23:15:11
  • Last modified 21.11.2024 05:23:38

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

5.5

CVE-2020-25650

Exploit
  • EPSS 0.15%
  • Published 25.11.2020 15:15:11
  • Last modified 21.11.2024 05:18:20

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use ...

8.7

CVE-2020-26237

  • EPSS 0.6%
  • Published 24.11.2020 23:15:11
  • Last modified 21.11.2024 05:19:37

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's ...

9

CVE-2020-25654

  • EPSS 0.09%
  • Published 24.11.2020 20:15:11
  • Last modified 21.11.2024 05:18:21

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing ...

5.5

CVE-2020-28928

  • EPSS 0.05%
  • Published 24.11.2020 18:15:12
  • Last modified 21.11.2024 05:23:18

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

7.6

CVE-2020-25696

  • EPSS 0.2%
  • Published 23.11.2020 22:15:12
  • Last modified 21.11.2024 05:18:30

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attac...

9.8

CVE-2020-28984

  • EPSS 0.71%
  • Published 23.11.2020 22:15:12
  • Last modified 21.11.2024 05:23:26

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

5.3

CVE-2020-28896

  • EPSS 0.25%
  • Published 23.11.2020 19:15:11
  • Last modified 21.11.2024 05:23:14

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. ...

8

CVE-2019-14586

  • EPSS 0.14%
  • Published 23.11.2020 17:15:12
  • Last modified 21.11.2024 04:26:59

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

6.5

CVE-2019-14587

  • EPSS 0.19%
  • Published 23.11.2020 17:15:12
  • Last modified 21.11.2024 04:26:59

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.