Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-33196

Exploit
  • EPSS 0.06%
  • Veröffentlicht 02.08.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:08:29

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

5.5

CVE-2021-34556

  • EPSS 0.04%
  • Veröffentlicht 02.08.2021 05:15:07
  • Zuletzt bearbeitet 21.11.2024 06:10:40

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory l...

5.5

CVE-2021-35477

  • EPSS 0.04%
  • Veröffentlicht 02.08.2021 04:15:07
  • Zuletzt bearbeitet 21.11.2024 06:12:21

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a st...

8.8

CVE-2021-35472

Exploit
  • EPSS 0.37%
  • Veröffentlicht 30.07.2021 14:15:17
  • Zuletzt bearbeitet 21.11.2024 06:12:20

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two dif...

7

CVE-2021-31799

  • EPSS 0.35%
  • Veröffentlicht 30.07.2021 14:15:16
  • Zuletzt bearbeitet 21.11.2024 06:06:14

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

7.5

CVE-2021-32558

Exploit
  • EPSS 2.88%
  • Veröffentlicht 30.07.2021 14:15:16
  • Zuletzt bearbeitet 21.11.2024 06:07:16

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported med...

7.1

CVE-2021-32610

  • EPSS 2.96%
  • Veröffentlicht 30.07.2021 14:15:16
  • Zuletzt bearbeitet 21.11.2024 06:07:22

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

7.5

CVE-2021-31292

Exploit
  • EPSS 0.55%
  • Veröffentlicht 26.07.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:05:24

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

5.9

CVE-2021-32686

  • EPSS 2.7%
  • Veröffentlicht 23.07.2021 22:15:08
  • Zuletzt bearbeitet 04.11.2025 16:15:42

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL soc...

7.5

CVE-2021-32785

  • EPSS 0.3%
  • Veröffentlicht 22.07.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:44

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are co...