Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.07%
  • Veröffentlicht 31.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:55

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is s...

Exploit
  • EPSS 1.76%
  • Veröffentlicht 31.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:55

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh serv...

  • EPSS 19.4%
  • Veröffentlicht 30.01.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:03

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt...

  • EPSS 19.99%
  • Veröffentlicht 30.01.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:04

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session...

Exploit
  • EPSS 3.23%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

Exploit
  • EPSS 3.23%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Exploit
  • EPSS 3.34%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Exploit
  • EPSS 2.21%
  • Veröffentlicht 29.01.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:39

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

Exploit
  • EPSS 1.39%
  • Veröffentlicht 29.01.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:40

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted inp...

  • EPSS 14.56%
  • Veröffentlicht 28.01.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:05

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.