Debian

Debian Linux

9952 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-8518

Exploit
  • EPSS 84.86%
  • Veröffentlicht 17.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:59

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

6.1

CVE-2019-10785

Exploit
  • EPSS 0.24%
  • Veröffentlicht 13.02.2020 17:15:29
  • Zuletzt bearbeitet 21.11.2024 04:19:55

dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

9.8

CVE-2020-8955

  • EPSS 14.21%
  • Veröffentlicht 12.02.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:39:44

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel m...

7

CVE-2019-19921

  • EPSS 0.13%
  • Veröffentlicht 12.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:40

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able t...

7.5

CVE-2014-6262

  • EPSS 22.59%
  • Veröffentlicht 12.02.2020 02:15:10
  • Zuletzt bearbeitet 21.11.2024 02:14:03

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argu...

6

CVE-2020-1711

  • EPSS 0.56%
  • Veröffentlicht 11.02.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:13

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_s...

8.8

CVE-2020-6415

Exploit
  • EPSS 2.92%
  • Veröffentlicht 11.02.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:35:41

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2020-6416

Exploit
  • EPSS 3.89%
  • Veröffentlicht 11.02.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:35:41

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3

CVE-2020-6396

Exploit
  • EPSS 1.38%
  • Veröffentlicht 11.02.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5

CVE-2020-6397

Exploit
  • EPSS 1.38%
  • Veröffentlicht 11.02.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:38

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.