CVE-2021-43543
- EPSS 0.36%
- Published 08.12.2021 22:15:09
- Last modified 21.11.2024 06:29:23
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
- EPSS 1.65%
- Published 08.12.2021 22:15:08
- Last modified 21.11.2024 06:17:15
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox E...
CVE-2021-38504
- EPSS 0.67%
- Published 08.12.2021 22:15:08
- Last modified 21.11.2024 06:17:15
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < ...
CVE-2021-38506
- EPSS 0.39%
- Published 08.12.2021 22:15:08
- Last modified 21.11.2024 06:17:16
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < ...
CVE-2021-38507
- EPSS 0.55%
- Published 08.12.2021 22:15:08
- Last modified 21.11.2024 06:17:16
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However...
CVE-2021-44420
- EPSS 0.13%
- Published 08.12.2021 00:15:07
- Last modified 21.11.2024 06:30:56
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVE-2021-42717
- EPSS 2.22%
- Published 07.12.2021 22:15:06
- Last modified 03.07.2025 20:59:18
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP ...
- EPSS 0.12%
- Published 06.12.2021 18:15:08
- Last modified 21.11.2024 06:29:46
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (resp...
CVE-2021-4069
- EPSS 0.2%
- Published 06.12.2021 12:15:07
- Last modified 21.11.2024 06:36:50
vim is vulnerable to a use-after-free.
CVE-2021-44227
- EPSS 0.45%
- Published 02.12.2021 03:15:06
- Last modified 21.11.2024 06:30:37
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.