Debian

Debian Linux

9951 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.73%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:22:30

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-b...

  • EPSS 0.46%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:23:24

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

  • EPSS 0.64%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:27:47

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

Exploit
  • EPSS 93.85%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:54:40

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

Exploit
  • EPSS 90.95%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:54:40

An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

  • EPSS 6.82%
  • Published 27.02.2021 05:15:13
  • Last modified 21.11.2024 05:54:40

An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

Exploit
  • EPSS 0.05%
  • Published 26.02.2021 23:15:11
  • Last modified 09.06.2025 16:15:31

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an i...

  • EPSS 0.33%
  • Published 26.02.2021 23:15:11
  • Last modified 18.12.2025 15:15:48

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacke...

  • EPSS 33.82%
  • Published 26.02.2021 22:15:19
  • Last modified 20.08.2025 10:15:27

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) ...

  • EPSS 1.22%
  • Published 26.02.2021 16:15:12
  • Last modified 21.11.2024 05:52:08

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T...