Debian

Debian Linux

9951 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-12111

Exploit
  • EPSS 1.01%
  • Veröffentlicht 15.05.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:13

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

5.5

CVE-2019-11833

  • EPSS 0.02%
  • Veröffentlicht 15.05.2019 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:51

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

3.3

CVE-2019-11884

  • EPSS 0.05%
  • Veröffentlicht 10.05.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:57

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a...

5.9

CVE-2019-11840

  • EPSS 2.71%
  • Veröffentlicht 09.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:52

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/sals...

9.8

CVE-2019-11831

  • EPSS 10.33%
  • Veröffentlicht 09.05.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:50

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/b...

9.3

CVE-2019-11815

Exploit
  • EPSS 1.11%
  • Veröffentlicht 08.05.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:49

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

9.3

CVE-2018-20836

  • EPSS 3.89%
  • Veröffentlicht 07.05.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:16

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

7.8

CVE-2019-11810

  • EPSS 1.84%
  • Veröffentlicht 07.05.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:48

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a ...

9.8

CVE-2019-11766

  • EPSS 0.76%
  • Veröffentlicht 05.05.2019 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:45

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.1

CVE-2019-11036

  • EPSS 1.69%
  • Veröffentlicht 03.05.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:24

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.