Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2021-28964

  • EPSS 0.09%
  • Veröffentlicht 22.03.2021 09:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:27

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d...

5.3

CVE-2021-28963

  • EPSS 0.49%
  • Veröffentlicht 22.03.2021 08:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:27

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

6.1

CVE-2021-28957

Exploit
  • EPSS 0.5%
  • Veröffentlicht 21.03.2021 05:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:26

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A rem...

6

CVE-2020-27171

  • EPSS 0.16%
  • Veröffentlicht 20.03.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect...

4.7

CVE-2020-27170

  • EPSS 0.16%
  • Veröffentlicht 20.03.2021 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information fr...

5.5

CVE-2021-28950

  • EPSS 0.07%
  • Veröffentlicht 20.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:25

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

9.8

CVE-2021-28834

Exploit
  • EPSS 2.59%
  • Veröffentlicht 19.03.2021 07:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:17

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

7.5

CVE-2021-28831

  • EPSS 0.96%
  • Veröffentlicht 19.03.2021 05:15:13
  • Zuletzt bearbeitet 09.05.2025 20:15:36

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

8.6

CVE-2020-25097

  • EPSS 0.58%
  • Veröffentlicht 19.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:19

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for cert...

7.5

CVE-2021-25290

  • EPSS 0.24%
  • Veröffentlicht 19.03.2021 04:15:13
  • Zuletzt bearbeitet 21.11.2024 05:54:41

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.