Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.88%
  • Veröffentlicht 07.10.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 05:20:23

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

  • EPSS 9.19%
  • Veröffentlicht 07.10.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 04:58:39

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

  • EPSS 2.66%
  • Veröffentlicht 07.10.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:04

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...

Exploit
  • EPSS 2.45%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

Exploit
  • EPSS 4.92%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

  • EPSS 3.12%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:06

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Exploit
  • EPSS 3.18%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 03.07.2025 20:59:18

Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles ...

  • EPSS 0.39%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:18

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a ...

  • EPSS 3.29%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:19

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial...

  • EPSS 0.4%
  • Veröffentlicht 06.10.2020 02:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:06

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.