Debian

Debian Linux

9928 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-9892

  • EPSS 0.46%
  • Veröffentlicht 22.05.2019 00:29:02
  • Zuletzt bearbeitet 21.11.2024 04:52:31

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report S...

6.5

CVE-2019-12216

Exploit
  • EPSS 1.13%
  • Veröffentlicht 20.05.2019 17:29:17
  • Zuletzt bearbeitet 21.11.2024 04:22:26

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

6.5

CVE-2019-12221

Exploit
  • EPSS 2.11%
  • Veröffentlicht 20.05.2019 17:29:17
  • Zuletzt bearbeitet 21.11.2024 04:22:27

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

6.5

CVE-2019-12213

Exploit
  • EPSS 0.34%
  • Veröffentlicht 20.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:22:26

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

7.5

CVE-2019-12086

Exploit
  • EPSS 13.57%
  • Veröffentlicht 17.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:10

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja...

7.8

CVE-2019-3839

  • EPSS 0.17%
  • Veröffentlicht 16.05.2019 19:29:05
  • Zuletzt bearbeitet 21.11.2024 04:42:40

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o...

7.4

CVE-2019-12098

  • EPSS 4.8%
  • Veröffentlicht 15.05.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:11

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

7.5

CVE-2019-12111

Exploit
  • EPSS 1.03%
  • Veröffentlicht 15.05.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:13

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

5.5

CVE-2019-11833

  • EPSS 0.03%
  • Veröffentlicht 15.05.2019 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:51

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

3.3

CVE-2019-11884

  • EPSS 0.05%
  • Veröffentlicht 10.05.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:57

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a...