Debian

Debian Linux

9144 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.03%
  • Published 06.07.2021 15:15:07
  • Last modified 21.11.2024 06:21:56

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw ...

Exploit
  • EPSS 0.73%
  • Published 02.07.2021 13:15:07
  • Last modified 21.11.2024 06:12:01

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API...

  • EPSS 0.11%
  • Published 30.06.2021 14:15:08
  • Last modified 21.11.2024 06:22:01

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.

  • EPSS 6%
  • Published 30.06.2021 08:15:06
  • Last modified 21.11.2024 06:07:16

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • EPSS 6%
  • Published 30.06.2021 08:15:06
  • Last modified 21.11.2024 06:07:17

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • EPSS 9.21%
  • Published 30.06.2021 08:15:06
  • Last modified 21.11.2024 06:12:20

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • EPSS 0.68%
  • Published 29.06.2021 12:15:08
  • Last modified 21.11.2024 05:58:13

Incorrect handling of URL fragments in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • EPSS 5.68%
  • Published 29.06.2021 12:15:08
  • Last modified 21.11.2024 06:07:16

Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • EPSS 3.63%
  • Published 28.06.2021 13:15:20
  • Last modified 21.11.2024 06:08:59

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

  • EPSS 0.29%
  • Published 24.06.2021 19:15:09
  • Last modified 21.11.2024 06:21:41

A flaw was found in djvulibre-3.5.28 and earlier. A stack overflow in the function DJVU::DjVuDocument::get_djvu_file() via a crafted djvu file may lead to application crash and other consequences.