Debian

Debian Linux

9212 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-14380

  • EPSS 0.29%
  • Veröffentlicht 30.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:26:37

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.

7.1

CVE-2019-14442

Exploit
  • EPSS 0.22%
  • Veröffentlicht 30.07.2019 13:15:18
  • Zuletzt bearbeitet 21.11.2024 04:26:45

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

6.5

CVE-2019-14443

Exploit
  • EPSS 0.51%
  • Veröffentlicht 30.07.2019 13:15:18
  • Zuletzt bearbeitet 21.11.2024 04:26:45

An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

7.5

CVE-2019-14439

  • EPSS 7.16%
  • Veröffentlicht 30.07.2019 11:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

9.8

CVE-2019-14271

  • EPSS 72.2%
  • Veröffentlicht 29.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:20

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

9.8

CVE-2019-14379

  • EPSS 1.46%
  • Veröffentlicht 29.07.2019 12:15:16
  • Zuletzt bearbeitet 21.11.2024 04:26:37

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

6.5

CVE-2019-14370

Exploit
  • EPSS 0.14%
  • Veröffentlicht 28.07.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:36

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.

6.5

CVE-2019-14369

Exploit
  • EPSS 0.19%
  • Veröffentlicht 28.07.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:36

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.

4.9

CVE-2019-13057

  • EPSS 1.09%
  • Veröffentlicht 26.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:24:07

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not pro...

7.5

CVE-2019-13565

  • EPSS 5.75%
  • Veröffentlicht 26.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:11

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simpl...