Debian

Debian Linux

9979 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-21343

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:13

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStr...

9.8

CVE-2021-21344

Exploit
  • EPSS 30.6%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 88.09%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

9.8

CVE-2021-21346

Exploit
  • EPSS 3.67%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

5.5

CVE-2021-28971

  • EPSS 0.09%
  • Veröffentlicht 22.03.2021 17:15:15
  • Zuletzt bearbeitet 21.11.2024 06:00:28

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d...

4.7

CVE-2021-28964

  • EPSS 0.09%
  • Veröffentlicht 22.03.2021 09:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:27

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d...

5.3

CVE-2021-28963

  • EPSS 0.49%
  • Veröffentlicht 22.03.2021 08:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:27

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

6.1

CVE-2021-28957

Exploit
  • EPSS 0.52%
  • Veröffentlicht 21.03.2021 05:15:13
  • Zuletzt bearbeitet 17.12.2025 22:15:56

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A rem...

6

CVE-2020-27171

  • EPSS 0.18%
  • Veröffentlicht 20.03.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect...

4.7

CVE-2020-27170

  • EPSS 0.15%
  • Veröffentlicht 20.03.2021 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information fr...