Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-31229

Exploit
  • EPSS 1.85%
  • Veröffentlicht 15.04.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 06:05:20

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.

5.5

CVE-2021-29338

Exploit
  • EPSS 0.09%
  • Veröffentlicht 14.04.2021 14:15:14
  • Zuletzt bearbeitet 03.11.2025 20:15:46

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

5.5

CVE-2020-36322

  • EPSS 0.03%
  • Veröffentlicht 14.04.2021 06:15:12
  • Zuletzt bearbeitet 21.11.2024 05:29:16

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulne...

5.8

CVE-2021-29425

Exploit
  • EPSS 0.61%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 06:01:04

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...

6.5

CVE-2021-30485

Exploit
  • EPSS 1.46%
  • Veröffentlicht 11.04.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 06:04:01

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.

4.3

CVE-2021-30155

Exploit
  • EPSS 0.45%
  • Veröffentlicht 09.04.2021 07:15:16
  • Zuletzt bearbeitet 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

4.3

CVE-2021-30159

Exploit
  • EPSS 0.87%
  • Veröffentlicht 09.04.2021 07:15:16
  • Zuletzt bearbeitet 21.11.2024 06:03:25

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's on...

4.3

CVE-2021-30152

Exploit
  • EPSS 0.53%
  • Veröffentlicht 09.04.2021 07:15:15
  • Zuletzt bearbeitet 21.11.2024 06:03:24

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

6.5

CVE-2021-3482

  • EPSS 0.2%
  • Veröffentlicht 08.04.2021 23:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:38

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing mali...

7.8

CVE-2021-29154

  • EPSS 0.04%
  • Veröffentlicht 08.04.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:47

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.