Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 5.05%
  • Veröffentlicht 14.12.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:57

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Medienbericht
  • EPSS 6.68%
  • Veröffentlicht 14.12.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:57

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the p...

Medienbericht
  • EPSS 4.27%
  • Veröffentlicht 14.12.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:57

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.

Medienbericht
  • EPSS 2.47%
  • Veröffentlicht 14.12.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:57

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

  • EPSS 66.25%
  • Veröffentlicht 14.12.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:29

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically,...

  • EPSS 5.04%
  • Veröffentlicht 14.12.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:30

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only v...

  • EPSS 1.08%
  • Veröffentlicht 13.12.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:29

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the t...

  • EPSS 0.53%
  • Veröffentlicht 13.12.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:48

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

  • EPSS 0.4%
  • Veröffentlicht 13.12.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:00

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

Exploit
  • EPSS 2.29%
  • Veröffentlicht 12.12.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:52

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.