Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2021-39147

Exploit
  • EPSS 0.67%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:51:54

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39148

Exploit
  • EPSS 0.67%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:48:30

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39149

Exploit
  • EPSS 0.71%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:50:01

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39151

Exploit
  • EPSS 0.71%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.8

CVE-2021-39139

  • EPSS 0.84%
  • Veröffentlicht 23.08.2021 18:15:10
  • Zuletzt bearbeitet 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

4.7

CVE-2021-3731

  • EPSS 0.15%
  • Veröffentlicht 23.08.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:16

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

9.6

CVE-2021-3693

  • EPSS 0.79%
  • Veröffentlicht 23.08.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:10

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6

CVE-2021-3694

  • EPSS 0.25%
  • Veröffentlicht 23.08.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:10

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

6.5

CVE-2021-37750

  • EPSS 0.72%
  • Veröffentlicht 23.08.2021 05:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:52

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

7.5

CVE-2020-36478

Exploit
  • EPSS 0.52%
  • Veröffentlicht 23.08.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter...