Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.81%
  • Veröffentlicht 19.03.2021 07:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:17

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

  • EPSS 2.72%
  • Veröffentlicht 19.03.2021 05:15:13
  • Zuletzt bearbeitet 17.12.2025 22:15:56

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

  • EPSS 8.16%
  • Veröffentlicht 19.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:19

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for cert...

  • EPSS 2.37%
  • Veröffentlicht 19.03.2021 04:15:13
  • Zuletzt bearbeitet 21.11.2024 05:54:41

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

Exploit
  • EPSS 38.18%
  • Veröffentlicht 19.03.2021 03:15:12
  • Zuletzt bearbeitet 21.11.2024 05:58:50

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search pa...

  • EPSS 0.46%
  • Veröffentlicht 18.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:27

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use th...

  • EPSS 1.32%
  • Veröffentlicht 17.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:02

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/sta...

Exploit
  • EPSS 3.83%
  • Veröffentlicht 17.03.2021 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:57:45

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious i...

Exploit
  • EPSS 40.08%
  • Veröffentlicht 17.03.2021 10:15:11
  • Zuletzt bearbeitet 21.11.2024 05:08:17

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the...

Exploit
  • EPSS 0.4%
  • Veröffentlicht 17.03.2021 06:15:12
  • Zuletzt bearbeitet 21.11.2024 03:22:25

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence...