Debian

Debian Linux

9922 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.5%
  • Published 21.03.2021 05:15:13
  • Last modified 17.12.2025 22:15:56

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A rem...

  • EPSS 0.18%
  • Published 20.03.2021 22:15:12
  • Last modified 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect...

  • EPSS 0.15%
  • Published 20.03.2021 22:15:11
  • Last modified 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information fr...

  • EPSS 0.03%
  • Published 20.03.2021 20:15:13
  • Last modified 21.11.2024 06:00:25

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

Exploit
  • EPSS 2.59%
  • Published 19.03.2021 07:15:13
  • Last modified 21.11.2024 06:00:17

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

  • EPSS 1.02%
  • Published 19.03.2021 05:15:13
  • Last modified 17.12.2025 22:15:56

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

  • EPSS 0.58%
  • Published 19.03.2021 05:15:12
  • Last modified 21.11.2024 05:17:19

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for cert...

  • EPSS 0.14%
  • Published 19.03.2021 04:15:13
  • Last modified 21.11.2024 05:54:41

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Exploit
  • EPSS 47.18%
  • Published 19.03.2021 03:15:12
  • Last modified 21.11.2024 05:58:50

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search pa...

  • EPSS 0.01%
  • Published 18.03.2021 20:15:13
  • Last modified 21.11.2024 06:21:27

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use th...