Debian

Debian Linux

9928 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-12108

Exploit
  • EPSS 7.99%
  • Veröffentlicht 06.05.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:15

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

7.5

CVE-2020-10704

  • EPSS 8.93%
  • Veröffentlicht 06.05.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:53

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of ser...

7.5

CVE-2020-12672

Exploit
  • EPSS 0.36%
  • Veröffentlicht 06.05.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:02

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

7.8

CVE-2020-12653

  • EPSS 0.2%
  • Veröffentlicht 05.05.2020 06:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:59

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer ov...

5.3

CVE-2020-10933

Exploit
  • EPSS 0.38%
  • Veröffentlicht 04.05.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:23

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied...

6.1

CVE-2020-12625

Exploit
  • EPSS 2.31%
  • Veröffentlicht 04.05.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:56

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

6.5

CVE-2020-12626

Exploit
  • EPSS 1.29%
  • Veröffentlicht 04.05.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:56

An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

5.4

CVE-2020-11026

  • EPSS 4.41%
  • Veröffentlicht 30.04.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:37

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched...

8.1

CVE-2020-11027

  • EPSS 42.55%
  • Veröffentlicht 30.04.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:37

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched i...

7.5

CVE-2020-11028

  • EPSS 0.95%
  • Veröffentlicht 30.04.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:37

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions ...