Debian

Debian Linux

9979 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2020-5258

Exploit
  • EPSS 1.54%
  • Veröffentlicht 10.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:46

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker ...

5.5

CVE-2012-1096

  • EPSS 0.35%
  • Veröffentlicht 10.03.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 01:36:24

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

9.8

CVE-2020-10232

  • EPSS 1.41%
  • Veröffentlicht 09.03.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:01

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

6.5

CVE-2019-20503

Exploit
  • EPSS 2.47%
  • Veröffentlicht 06.03.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:38

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

10

CVE-2020-10188

  • EPSS 8.4%
  • Veröffentlicht 06.03.2020 15:15:14
  • Zuletzt bearbeitet 21.01.2026 02:15:47

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

3.5

CVE-2019-20382

  • EPSS 0.04%
  • Veröffentlicht 05.03.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:20

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

8.8

CVE-2020-9402

  • EPSS 87.51%
  • Veröffentlicht 05.03.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:33

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggreg...

7.5

CVE-2020-8659

  • EPSS 1.02%
  • Veröffentlicht 04.03.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:12

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

5.5

CVE-2020-10029

Exploit
  • EPSS 0.05%
  • Veröffentlicht 04.03.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:54:40

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl...

9.8

CVE-2020-10018

  • EPSS 2.64%
  • Veröffentlicht 02.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:54:39

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memor...