Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-26934

  • EPSS 2.79%
  • Veröffentlicht 10.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:32

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

9.8

CVE-2020-26935

Exploit
  • EPSS 86.99%
  • Veröffentlicht 10.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:32

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject mali...

4.3

CVE-2020-26932

  • EPSS 0.16%
  • Veröffentlicht 10.10.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:31

debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)

7.8

CVE-2020-26880

  • EPSS 0.04%
  • Veröffentlicht 07.10.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:24

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable...

6.1

CVE-2020-26870

Exploit
  • EPSS 0.42%
  • Veröffentlicht 07.10.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 05:20:23

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

9.8

CVE-2020-11800

  • EPSS 47.88%
  • Veröffentlicht 07.10.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 04:58:39

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

6.6

CVE-2020-14355

  • EPSS 1.11%
  • Veröffentlicht 07.10.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:04

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...

7.5

CVE-2020-25862

Exploit
  • EPSS 0.3%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

7.5

CVE-2020-25863

Exploit
  • EPSS 0.25%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

7.5

CVE-2020-26575

  • EPSS 2.23%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:06

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.