Debian

Debian Linux

9177 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2016-1000108

  • EPSS 0.95%
  • Veröffentlicht 10.12.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 02:42:52

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote atta...

7.8

CVE-2019-19630

Exploit
  • EPSS 0.54%
  • Veröffentlicht 08.12.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 04:35:05

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.

7.8

CVE-2019-19448

Exploit
  • EPSS 0.2%
  • Veröffentlicht 08.12.2019 02:15:09
  • Zuletzt bearbeitet 21.11.2024 04:34:45

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer...

5.3

CVE-2019-1551

  • EPSS 4.53%
  • Veröffentlicht 06.12.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:36:48

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d...

7.4

CVE-2012-2130

  • EPSS 0.07%
  • Veröffentlicht 06.12.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 01:38:33

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

9.8

CVE-2019-19617

  • EPSS 1.16%
  • Veröffentlicht 06.12.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:35:04

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

6.1

CVE-2012-1114

  • EPSS 0.84%
  • Veröffentlicht 05.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:36:27

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

6.1

CVE-2012-1115

  • EPSS 0.84%
  • Veröffentlicht 05.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:36:28

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

7.5

CVE-2019-16770

  • EPSS 1.59%
  • Veröffentlicht 05.12.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:09

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, addi...

5.5

CVE-2012-1105

  • EPSS 0.15%
  • Veröffentlicht 05.12.2019 19:15:15
  • Zuletzt bearbeitet 21.11.2024 01:36:26

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.