Debian

Debian Linux

9150 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.04%
  • Published 27.01.2020 05:15:13
  • Last modified 21.11.2024 05:38:11

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a...

  • EPSS 0.04%
  • Published 27.01.2020 05:15:12
  • Last modified 21.11.2024 05:38:11

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).

Exploit
  • EPSS 3.07%
  • Published 27.01.2020 05:15:10
  • Last modified 21.11.2024 04:38:25

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

  • EPSS 6.74%
  • Published 24.01.2020 19:15:12
  • Last modified 21.11.2024 02:09:38

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitr...

Exploit
  • EPSS 70.52%
  • Published 23.01.2020 22:15:10
  • Last modified 21.11.2024 04:32:33

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client causing it to execute arbitrary code. Apa...

  • EPSS 0.08%
  • Published 23.01.2020 17:15:11
  • Last modified 21.11.2024 04:32:52

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

  • EPSS 0.85%
  • Published 22.01.2020 19:15:11
  • Last modified 21.11.2024 04:31:11

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Co...

  • EPSS 0.23%
  • Published 21.01.2020 23:15:13
  • Last modified 21.11.2024 04:38:21

repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.

  • EPSS 0.56%
  • Published 21.01.2020 23:15:13
  • Last modified 21.11.2024 04:38:21

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

  • EPSS 0.47%
  • Published 21.01.2020 23:15:13
  • Last modified 21.11.2024 05:37:26

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.