Debian

Debian Linux

9951 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2019-3842

Exploit
  • EPSS 0.1%
  • Veröffentlicht 09.04.2019 21:29:03
  • Zuletzt bearbeitet 21.11.2024 04:42:40

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable wh...

5.3

CVE-2019-3795

  • EPSS 0.55%
  • Veröffentlicht 09.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:33

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an ...

5.5

CVE-2019-3880

  • EPSS 3.39%
  • Veröffentlicht 09.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:47

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation...

7.5

CVE-2019-10895

Exploit
  • EPSS 12.45%
  • Veröffentlicht 09.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:04

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

7.5

CVE-2019-10896

Exploit
  • EPSS 11.89%
  • Veröffentlicht 09.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:04

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

7.5

CVE-2019-10899

Exploit
  • EPSS 12.66%
  • Veröffentlicht 09.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:05

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

7.5

CVE-2019-10901

Exploit
  • EPSS 14.37%
  • Veröffentlicht 09.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:05

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

7.5

CVE-2019-10903

Exploit
  • EPSS 12.66%
  • Veröffentlicht 09.04.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:05

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

7.5

CVE-2019-10894

Exploit
  • EPSS 12.66%
  • Veröffentlicht 09.04.2019 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:04

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

5.4

CVE-2019-11025

Exploit
  • EPSS 0.64%
  • Veröffentlicht 08.04.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:23

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.