Debian

Debian Linux

9144 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2020-26116

Exploit
  • EPSS 0.53%
  • Published 27.09.2020 04:15:11
  • Last modified 21.11.2024 05:19:16

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar...

8.1

CVE-2020-26117

  • EPSS 0.94%
  • Published 27.09.2020 04:15:11
  • Last modified 21.11.2024 05:19:16

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client...

3.2

CVE-2020-25084

  • EPSS 0.03%
  • Published 25.09.2020 05:15:12
  • Last modified 21.11.2024 05:17:13

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

5

CVE-2020-25085

Exploit
  • EPSS 0.04%
  • Published 25.09.2020 05:15:12
  • Last modified 21.11.2024 05:17:13

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

5.3

CVE-2020-25625

  • EPSS 0.07%
  • Published 25.09.2020 05:15:12
  • Last modified 21.11.2024 05:18:16

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

5.5

CVE-2020-26088

  • EPSS 0.01%
  • Published 24.09.2020 15:15:15
  • Last modified 21.11.2024 05:19:12

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

5.5

CVE-2020-25596

  • EPSS 0.09%
  • Published 23.09.2020 22:15:13
  • Last modified 21.11.2024 05:18:11

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault,...

7

CVE-2020-25599

  • EPSS 0.07%
  • Published 23.09.2020 22:15:13
  • Last modified 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal as...

5.5

CVE-2020-25600

  • EPSS 0.1%
  • Published 23.09.2020 22:15:13
  • Last modified 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bi...

5.5

CVE-2020-25601

  • EPSS 0.08%
  • Published 23.09.2020 22:15:13
  • Last modified 21.11.2024 05:18:12

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of the...