Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.75%
  • Veröffentlicht 08.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:21

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimi...

  • EPSS 1.82%
  • Veröffentlicht 08.11.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:20

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

  • EPSS 1.94%
  • Veröffentlicht 08.11.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:20

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

Exploit
  • EPSS 2.09%
  • Veröffentlicht 07.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:14

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

  • EPSS 47.06%
  • Veröffentlicht 07.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:25

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option...

  • EPSS 12.4%
  • Veröffentlicht 07.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:25

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the '...

  • EPSS 9.8%
  • Veröffentlicht 07.11.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:25

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using ...

Exploit
  • EPSS 14.08%
  • Veröffentlicht 07.11.2018 05:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:14

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a...

  • EPSS 2.14%
  • Veröffentlicht 06.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:49

A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.

  • EPSS 0.42%
  • Veröffentlicht 06.11.2018 17:29:01
  • Zuletzt bearbeitet 21.11.2024 04:15:37

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e...