Debian

Debian Linux

9998 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 10.12%
  • Veröffentlicht 26.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:32

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION...

  • EPSS 15.56%
  • Veröffentlicht 26.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:34

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to tri...

  • EPSS 70.78%
  • Veröffentlicht 26.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:34

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of ...

  • EPSS 15.89%
  • Veröffentlicht 26.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:36

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con...

Exploit
  • EPSS 3.19%
  • Veröffentlicht 25.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:47

In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

Exploit
  • EPSS 1.93%
  • Veröffentlicht 25.03.2018 03:29:01
  • Zuletzt bearbeitet 21.11.2024 04:14:46

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

Exploit
  • EPSS 2.11%
  • Veröffentlicht 25.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:43

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

  • EPSS 1.34%
  • Veröffentlicht 24.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:42

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

Exploit
  • EPSS 9.66%
  • Veröffentlicht 23.03.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:46

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to ...

Exploit
  • EPSS 3.1%
  • Veröffentlicht 22.03.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:34

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.