Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-45085

Exploit
  • EPSS 0.29%
  • Veröffentlicht 16.12.2021 03:15:10
  • Zuletzt bearbeitet 21.11.2024 06:31:55

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

6.1

CVE-2021-45086

Exploit
  • EPSS 0.21%
  • Veröffentlicht 16.12.2021 03:15:10
  • Zuletzt bearbeitet 21.11.2024 06:31:55

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

6.1

CVE-2021-45087

Exploit
  • EPSS 0.29%
  • Veröffentlicht 16.12.2021 03:15:10
  • Zuletzt bearbeitet 21.11.2024 06:31:55

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.

6.1

CVE-2021-45088

Exploit
  • EPSS 0.29%
  • Veröffentlicht 16.12.2021 03:15:10
  • Zuletzt bearbeitet 21.11.2024 06:31:55

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

7.8

CVE-2021-45078

Exploit
  • EPSS 0.16%
  • Veröffentlicht 15.12.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:31:54

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists b...

6.9

CVE-2021-0920

Warnung
  • EPSS 0.93%
  • Veröffentlicht 15.12.2021 19:15:11
  • Zuletzt bearbeitet 23.10.2025 14:53:26

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

9.8

CVE-2021-43113

Exploit
  • EPSS 2.7%
  • Veröffentlicht 15.12.2021 07:15:07
  • Zuletzt bearbeitet 25.02.2026 18:16:53

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

9

CVE-2021-45046

Warnung
  • EPSS 94.34%
  • Veröffentlicht 14.12.2021 19:15:07
  • Zuletzt bearbeitet 27.10.2025 17:35:56

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a n...

9.8

CVE-2021-44538

  • EPSS 1.42%
  • Veröffentlicht 14.12.2021 14:15:09
  • Zuletzt bearbeitet 21.11.2024 06:31:11

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...

7.1

CVE-2021-43818

  • EPSS 4.07%
  • Veröffentlicht 13.12.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:51

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that ...