Debian

Debian Linux

9952 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-20388

  • EPSS 0.63%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 17.12.2025 22:15:55

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5

CVE-2020-7595

  • EPSS 0.49%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 03.12.2025 16:15:54

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

9.3

CVE-2020-7040

  • EPSS 5.19%
  • Veröffentlicht 21.01.2020 21:15:16
  • Zuletzt bearbeitet 21.11.2024 05:36:32

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of sto...

5.5

CVE-2020-5202

Exploit
  • EPSS 0.07%
  • Veröffentlicht 21.01.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:40

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit So...

5.5

CVE-2019-14902

  • EPSS 3.5%
  • Veröffentlicht 21.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:39

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on a...

6.5

CVE-2019-14907

  • EPSS 10.24%
  • Veröffentlicht 21.01.2020 18:15:12
  • Zuletzt bearbeitet 14.01.2025 19:29:55

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such st...

9.8

CVE-2019-17361

  • EPSS 18.52%
  • Veröffentlicht 17.01.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:10

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

6.8

CVE-2020-7039

  • EPSS 0.83%
  • Veröffentlicht 16.01.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:32

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute ...

5.3

CVE-2019-18282

  • EPSS 0.68%
  • Veröffentlicht 16.01.2020 16:15:16
  • Zuletzt bearbeitet 21.11.2024 04:32:58

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and beca...

6.5

CVE-2020-7045

Exploit
  • EPSS 0.24%
  • Veröffentlicht 16.01.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:33

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.