CVE-2017-7525
- EPSS 82.15%
- Published 06.02.2018 15:29:00
- Last modified 21.11.2024 03:32:04
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...
CVE-2018-6621
- EPSS 0.68%
- Published 05.02.2018 04:29:00
- Last modified 21.11.2024 04:11:00
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVE-2018-6616
- EPSS 0.08%
- Published 04.02.2018 22:29:00
- Last modified 21.11.2024 04:10:59
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-6596
- EPSS 0.55%
- Published 03.02.2018 21:29:00
- Last modified 21.11.2024 04:10:58
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
CVE-2017-18123
- EPSS 0.51%
- Published 03.02.2018 15:29:00
- Last modified 21.11.2024 03:19:23
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
CVE-2018-6594
- EPSS 0.91%
- Published 03.02.2018 15:29:00
- Last modified 21.11.2024 04:10:57
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only ...
CVE-2017-18121
- EPSS 0.36%
- Published 02.02.2018 15:29:00
- Last modified 21.11.2024 03:19:23
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
CVE-2017-18122
- EPSS 0.31%
- Published 02.02.2018 15:29:00
- Last modified 21.11.2024 03:19:23
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signatur...
CVE-2018-6544
- EPSS 0.36%
- Published 02.02.2018 09:29:00
- Last modified 21.11.2024 04:10:52
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
CVE-2018-6519
- EPSS 0.47%
- Published 02.02.2018 01:29:00
- Last modified 21.11.2024 04:10:49
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.