Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-27763

  • EPSS 0.09%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:47

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applica...

7.4

CVE-2020-25638

  • EPSS 0.51%
  • Veröffentlicht 02.12.2020 15:15:12
  • Zuletzt bearbeitet 23.04.2025 20:15:19

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could...

4.1

CVE-2020-25656

Exploit
  • EPSS 0.01%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:22

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnera...

5.5

CVE-2020-25704

  • EPSS 0.06%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:31

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

3.2

CVE-2020-25723

  • EPSS 0.02%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:34

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bog...

7.5

CVE-2020-27813

  • EPSS 0.18%
  • Veröffentlicht 02.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:51

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

5.2

CVE-2020-15257

  • EPSS 12%
  • Veröffentlicht 01.12.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 05:05:12

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the ...

7.8

CVE-2020-29394

Exploit
  • EPSS 0.6%
  • Veröffentlicht 30.11.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:23:59

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the forma...

9.8

CVE-2020-28926

Exploit
  • EPSS 65.26%
  • Veröffentlicht 30.11.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:23:18

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/mem...

5

CVE-2020-25624

Exploit
  • EPSS 0.03%
  • Veröffentlicht 30.11.2020 07:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:16

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.