Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-35176

  • EPSS 0.94%
  • Veröffentlicht 12.12.2020 00:15:12
  • Zuletzt bearbeitet 21.11.2024 05:26:54

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incompl...

5.3

CVE-2020-26418

Exploit
  • EPSS 0.41%
  • Veröffentlicht 11.12.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:19:54

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

5.3

CVE-2020-26421

Exploit
  • EPSS 0.1%
  • Veröffentlicht 11.12.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:19:54

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

5.7

CVE-2020-27825

  • EPSS 0.14%
  • Veröffentlicht 11.12.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:53

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This fl...

9.8

CVE-2020-7788

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.12.2020 11:15:11
  • Zuletzt bearbeitet 21.11.2024 05:37:48

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

4.3

CVE-2020-29668

Exploit
  • EPSS 1.04%
  • Veröffentlicht 10.12.2020 08:15:11
  • Zuletzt bearbeitet 21.11.2024 05:24:24

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

5.5

CVE-2020-16587

Exploit
  • EPSS 0.55%
  • Veröffentlicht 09.12.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:07:09

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.

5.5

CVE-2020-16588

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.12.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:07:10

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.

5.5

CVE-2020-16589

Exploit
  • EPSS 0.55%
  • Veröffentlicht 09.12.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:07:10

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

4.4

CVE-2020-29660

Exploit
  • EPSS 0.07%
  • Veröffentlicht 09.12.2020 17:15:31
  • Zuletzt bearbeitet 21.11.2024 05:24:22

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.