Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-40394

Exploit
  • EPSS 0.56%
  • Veröffentlicht 22.12.2021 19:15:11
  • Zuletzt bearbeitet 21.11.2024 06:24:02

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code ex...

9.8

CVE-2021-37706

  • EPSS 0.26%
  • Veröffentlicht 22.12.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:15:45

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribut...

7.5

CVE-2021-43804

  • EPSS 0.29%
  • Veröffentlicht 22.12.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:49

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length,...

7

CVE-2021-44733

Exploit
  • EPSS 0.28%
  • Veröffentlicht 22.12.2021 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:31:28

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

8.2

CVE-2021-44224

  • EPSS 10.7%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:37

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix D...

9.8

CVE-2021-44790

Exploit
  • EPSS 86.01%
  • Veröffentlicht 20.12.2021 12:15:07
  • Zuletzt bearbeitet 01.05.2025 15:38:06

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This...

9.8

CVE-2021-44732

Exploit
  • EPSS 0.56%
  • Veröffentlicht 20.12.2021 08:15:06
  • Zuletzt bearbeitet 21.11.2024 06:31:28

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

5.9

CVE-2021-45105

Warnung
  • EPSS 65.66%
  • Veröffentlicht 18.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:31:58

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...

9.8

CVE-2021-23450

Exploit
  • EPSS 2.78%
  • Veröffentlicht 17.12.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:46

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

7.8

CVE-2021-4008

  • EPSS 0.08%
  • Veröffentlicht 17.12.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:36:42

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as wel...