Debian

Debian Linux

9928 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-10595

  • EPSS 7.3%
  • Veröffentlicht 31.03.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:39

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an at...

8.8

CVE-2020-11111

  • EPSS 2.2%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:48

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8

CVE-2020-11112

  • EPSS 6.77%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

6.5

CVE-2020-10955

  • EPSS 0.18%
  • Veröffentlicht 27.03.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:26

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

4.3

CVE-2020-1770

  • EPSS 0.36%
  • Veröffentlicht 27.03.2020 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:11:21

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

7.5

CVE-2020-1772

  • EPSS 0.59%
  • Veröffentlicht 27.03.2020 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:11:21

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and pri...

8.8

CVE-2020-10969

  • EPSS 1.4%
  • Veröffentlicht 26.03.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8

CVE-2020-10968

  • EPSS 4.03%
  • Veröffentlicht 26.03.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

9.8

CVE-2020-1957

  • EPSS 86.1%
  • Veröffentlicht 25.03.2020 16:15:19
  • Zuletzt bearbeitet 21.11.2024 05:11:44

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.