Debian

Debian Linux

9952 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-8632

  • EPSS 0.1%
  • Veröffentlicht 05.02.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:09

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

7.5

CVE-2019-12528

  • EPSS 23.63%
  • Veröffentlicht 04.02.2020 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

7.5

CVE-2020-8449

  • EPSS 3.96%
  • Veröffentlicht 04.02.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:52

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

7.5

CVE-2020-8450

  • EPSS 46.29%
  • Veröffentlicht 04.02.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:52

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

9.8

CVE-2020-8597

  • EPSS 65.4%
  • Veröffentlicht 03.02.2020 23:15:11
  • Zuletzt bearbeitet 03.12.2025 16:15:54

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

6.5

CVE-2019-20446

  • EPSS 1.33%
  • Veröffentlicht 02.02.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:30

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows expon...

7.1

CVE-2020-8492

Exploit
  • EPSS 3.63%
  • Veröffentlicht 30.01.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:56

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicA...

9.1

CVE-2019-20444

Exploit
  • EPSS 11.91%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 01.07.2025 18:15:23

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

9.1

CVE-2019-20445

Exploit
  • EPSS 2.84%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:30

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

7.8

CVE-2019-18634

Exploit
  • EPSS 88.56%
  • Veröffentlicht 29.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:33:25

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst...