Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-33833

Exploit
  • EPSS 0.16%
  • Veröffentlicht 09.06.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:09:39

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

5.5

CVE-2021-26313

  • EPSS 0.08%
  • Veröffentlicht 09.06.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 05:56:04

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

6.1

CVE-2021-33829

  • EPSS 39.29%
  • Veröffentlicht 09.06.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:09:38

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

5.3

CVE-2021-28169

  • EPSS 88.84%
  • Veröffentlicht 09.06.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:59:14

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml...

5.5

CVE-2021-3564

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.06.2021 12:15:11
  • Zuletzt bearbeitet 21.11.2024 06:21:51

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux ke...

7.5

CVE-2021-22116

  • EPSS 1.03%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:32

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the tar...

5.5

CVE-2021-23215

  • EPSS 0.11%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:51:23

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

5.5

CVE-2021-26260

  • EPSS 0.54%
  • Veröffentlicht 08.06.2021 12:15:10
  • Zuletzt bearbeitet 21.11.2024 05:55:59

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

7.5

CVE-2021-33560

  • EPSS 0.43%
  • Veröffentlicht 08.06.2021 11:15:07
  • Zuletzt bearbeitet 03.12.2025 15:15:49

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGam...

7.5

CVE-2021-22222

  • EPSS 0.19%
  • Veröffentlicht 07.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:44

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file