Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-28660

  • EPSS 0.32%
  • Veröffentlicht 17.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:02

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/sta...

7.5

CVE-2021-27291

Exploit
  • EPSS 2.75%
  • Veröffentlicht 17.03.2021 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:57:45

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious i...

7.5

CVE-2020-17525

Exploit
  • EPSS 11.75%
  • Veröffentlicht 17.03.2021 10:15:11
  • Zuletzt bearbeitet 21.11.2024 05:08:17

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the...

7.8

CVE-2017-20002

Exploit
  • EPSS 0.05%
  • Veröffentlicht 17.03.2021 06:15:12
  • Zuletzt bearbeitet 21.11.2024 03:22:25

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence...

8.8

CVE-2021-21192

Exploit
  • EPSS 1.46%
  • Veröffentlicht 16.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:47:44

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-21193

Warnung
  • EPSS 14.8%
  • Veröffentlicht 16.03.2021 15:15:13
  • Zuletzt bearbeitet 24.10.2025 21:00:22

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-21191

Exploit
  • EPSS 0.99%
  • Veröffentlicht 16.03.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:47:44

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-22191

  • EPSS 0.5%
  • Veröffentlicht 15.03.2021 18:15:17
  • Zuletzt bearbeitet 21.11.2024 05:49:40

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.

7.5

CVE-2021-28374

  • EPSS 0.29%
  • Veröffentlicht 15.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:59:36

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some conf...

4.3

CVE-2021-21366

  • EPSS 0.57%
  • Veröffentlicht 12.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:48:12

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing malicio...