Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.74%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:50:01

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

Exploit
  • EPSS 4.74%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

  • EPSS 4.54%
  • Veröffentlicht 23.08.2021 18:15:10
  • Zuletzt bearbeitet 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

  • EPSS 1.11%
  • Veröffentlicht 23.08.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:16

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

  • EPSS 3.01%
  • Veröffentlicht 23.08.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:10

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

  • EPSS 2.39%
  • Veröffentlicht 23.08.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:10

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

  • EPSS 2.17%
  • Veröffentlicht 23.08.2021 05:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:52

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Exploit
  • EPSS 1.18%
  • Veröffentlicht 23.08.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter...

  • EPSS 1.97%
  • Veröffentlicht 23.08.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generatin...

  • EPSS 1.55%
  • Veröffentlicht 23.08.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.