Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-4033

  • EPSS 0.16%
  • Veröffentlicht 22.06.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:11

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.

6.5

CVE-2020-11096

  • EPSS 0.21%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.

5.5

CVE-2020-11097

  • EPSS 0.19%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

6.5

CVE-2020-11098

  • EPSS 0.17%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.

6.5

CVE-2020-11099

  • EPSS 0.18%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:47

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.

5.5

CVE-2020-11095

  • EPSS 0.26%
  • Veröffentlicht 22.06.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

5.9

CVE-2020-14954

  • EPSS 10.15%
  • Veröffentlicht 21.06.2020 17:15:09
  • Zuletzt bearbeitet 21.11.2024 05:04:30

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates i...

7.5

CVE-2020-14929

  • EPSS 0.38%
  • Veröffentlicht 19.06.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:27

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they w...

9.8

CVE-2020-8165

Exploit
  • EPSS 90.13%
  • Veröffentlicht 19.06.2020 18:15:11
  • Zuletzt bearbeitet 09.05.2025 20:15:36

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

6.5

CVE-2020-8167

Exploit
  • EPSS 0.59%
  • Veröffentlicht 19.06.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:25

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.