Debian

Debian Linux

9144 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.1%
  • Published 14.12.2020 20:15:13
  • Last modified 21.11.2024 05:38:39

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed,...

Exploit
  • EPSS 0.59%
  • Published 14.12.2020 20:15:13
  • Last modified 21.11.2024 05:38:39

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • EPSS 1.57%
  • Published 12.12.2020 00:15:12
  • Last modified 21.11.2024 05:26:54

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incompl...

Exploit
  • EPSS 0.41%
  • Published 11.12.2020 19:15:12
  • Last modified 21.11.2024 05:19:54

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

Exploit
  • EPSS 0.26%
  • Published 11.12.2020 19:15:12
  • Last modified 21.11.2024 05:19:54

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

  • EPSS 0.11%
  • Published 11.12.2020 19:15:12
  • Last modified 21.11.2024 05:21:53

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, which may cause a denial of service problem (DOS). This fl...

Exploit
  • EPSS 0.29%
  • Published 11.12.2020 11:15:11
  • Last modified 21.11.2024 05:37:48

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Exploit
  • EPSS 1.04%
  • Published 10.12.2020 08:15:11
  • Last modified 21.11.2024 05:24:24

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

Exploit
  • EPSS 0.15%
  • Published 09.12.2020 21:15:14
  • Last modified 21.11.2024 05:07:09

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.

Exploit
  • EPSS 0.18%
  • Published 09.12.2020 21:15:14
  • Last modified 21.11.2024 05:07:10

A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.