Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.73%
  • Veröffentlicht 16.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:03

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

  • EPSS 1.62%
  • Veröffentlicht 16.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:03

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

  • EPSS 0.4%
  • Veröffentlicht 16.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 02:05:36

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

  • EPSS 1.46%
  • Veröffentlicht 15.07.2018 01:29:03
  • Zuletzt bearbeitet 21.11.2024 03:48:31

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

  • EPSS 2.02%
  • Veröffentlicht 15.07.2018 01:29:03
  • Zuletzt bearbeitet 21.11.2024 03:48:32

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

  • EPSS 0.59%
  • Veröffentlicht 13.07.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:11

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

Exploit
  • EPSS 4.14%
  • Veröffentlicht 13.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:29

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Exploit
  • EPSS 40.61%
  • Veröffentlicht 11.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:33

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

  • EPSS 1.2%
  • Veröffentlicht 10.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:12

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other...

  • EPSS 3.25%
  • Veröffentlicht 10.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:09

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be a...