Debian

Debian Linux

9144 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-11651

Warnung Exploit
  • EPSS 94.42%
  • Veröffentlicht 30.04.2020 17:15:12
  • Zuletzt bearbeitet 22.10.2025 00:16:55

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods...

6.5

CVE-2020-11652

Warnung Exploit
  • EPSS 94.27%
  • Veröffentlicht 30.04.2020 17:15:12
  • Zuletzt bearbeitet 22.10.2025 00:16:56

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated u...

6.1

CVE-2020-11022

Exploit
  • EPSS 22.55%
  • Veröffentlicht 29.04.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...

6.1

CVE-2020-11023

Warnung Exploit
  • EPSS 27.71%
  • Veröffentlicht 29.04.2020 21:15:11
  • Zuletzt bearbeitet 22.10.2025 00:16:54

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

7

CVE-2020-11884

  • EPSS 0.04%
  • Veröffentlicht 29.04.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:49

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade...

7.5

CVE-2020-10663

  • EPSS 6.54%
  • Veröffentlicht 28.04.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:47

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi...

7.5

CVE-2020-12243

Exploit
  • EPSS 6.57%
  • Veröffentlicht 28.04.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:22

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

4.9

CVE-2020-1774

  • EPSS 0.19%
  • Veröffentlicht 28.04.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:11:21

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community ...

10

CVE-2020-12284

Exploit
  • EPSS 6.44%
  • Veröffentlicht 28.04.2020 06:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:26

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

7.5

CVE-2020-9481

  • EPSS 3.92%
  • Veröffentlicht 27.04.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:44

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.