Debian

Debian Linux

9952 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-10109

Exploit
  • EPSS 3.52%
  • Veröffentlicht 12.03.2020 13:15:12
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel...

5

CVE-2020-1733

Exploit
  • EPSS 0.03%
  • Veröffentlicht 11.03.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:11:16

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in ...

7.8

CVE-2020-0034

  • EPSS 4.51%
  • Veröffentlicht 10.03.2020 20:15:20
  • Zuletzt bearbeitet 21.11.2024 04:52:47

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User i...

5

CVE-2020-5258

Exploit
  • EPSS 1.54%
  • Veröffentlicht 10.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

5.5

CVE-2012-1096

  • EPSS 0.35%
  • Veröffentlicht 10.03.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 01:36:24

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

9.8

CVE-2020-10232

  • EPSS 1.41%
  • Veröffentlicht 09.03.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:01

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

6.5

CVE-2019-20503

Exploit
  • EPSS 2.47%
  • Veröffentlicht 06.03.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:38

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

10

CVE-2020-10188

  • EPSS 8.4%
  • Veröffentlicht 06.03.2020 15:15:14
  • Zuletzt bearbeitet 21.01.2026 02:15:47

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

3.5

CVE-2019-20382

  • EPSS 0.04%
  • Veröffentlicht 05.03.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:20

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

8.8

CVE-2020-9402

  • EPSS 85.51%
  • Veröffentlicht 05.03.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:33

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggreg...