CVE-2021-33829
- EPSS 49.67%
- Published 09.06.2021 12:15:07
- Last modified 21.11.2024 06:09:38
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.
CVE-2021-28169
- EPSS 90.26%
- Published 09.06.2021 02:15:06
- Last modified 21.11.2024 05:59:14
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml...
CVE-2021-3564
- EPSS 0.03%
- Published 08.06.2021 12:15:11
- Last modified 21.11.2024 06:21:51
A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux ke...
CVE-2021-22116
- EPSS 1.03%
- Published 08.06.2021 12:15:10
- Last modified 21.11.2024 05:49:32
All RabbitMQ versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the tar...
CVE-2021-23215
- EPSS 0.11%
- Published 08.06.2021 12:15:10
- Last modified 21.11.2024 05:51:23
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2021-26260
- EPSS 0.54%
- Published 08.06.2021 12:15:10
- Last modified 21.11.2024 05:55:59
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-33560
- EPSS 0.43%
- Published 08.06.2021 11:15:07
- Last modified 03.12.2025 15:15:49
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGam...
CVE-2021-22222
- EPSS 0.19%
- Published 07.06.2021 13:15:07
- Last modified 21.11.2024 05:49:44
An infinite loop in the DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or a crafted capture file.
CVE-2017-20005
- EPSS 3.25%
- Published 06.06.2021 22:15:08
- Last modified 05.12.2025 15:15:49
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoinde...
CVE-2021-28091
- EPSS 0.51%
- Published 04.06.2021 15:15:07
- Last modified 21.11.2024 05:59:04
All Lasso versions prior to 2.7.0 have improper verification of a cryptographic signature.