Debian

Debian Linux

9922 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.31%
  • Published 02.02.2018 15:29:00
  • Last modified 21.11.2024 03:19:23

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signatur...

Exploit
  • EPSS 0.36%
  • Published 02.02.2018 09:29:00
  • Last modified 21.11.2024 04:10:52

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

  • EPSS 0.47%
  • Published 02.02.2018 01:29:00
  • Last modified 21.11.2024 04:10:49

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.

Exploit
  • EPSS 0.59%
  • Published 02.02.2018 01:29:00
  • Last modified 21.11.2024 04:10:49

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...

  • EPSS 0.13%
  • Published 31.01.2018 20:29:00
  • Last modified 21.11.2024 03:19:14

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

Exploit
  • EPSS 4.48%
  • Published 31.01.2018 18:29:00
  • Last modified 10.01.2025 19:15:28

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or ...

  • EPSS 0.83%
  • Published 31.01.2018 14:29:00
  • Last modified 21.11.2024 03:15:01

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It wa...

  • EPSS 0.59%
  • Published 30.01.2018 20:29:00
  • Last modified 21.11.2024 01:29:14

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

Exploit
  • EPSS 3.26%
  • Published 30.01.2018 16:29:00
  • Last modified 10.01.2025 19:15:27

Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive...

  • EPSS 1%
  • Published 29.01.2018 20:29:00
  • Last modified 21.11.2024 02:44:34

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.