Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.05%
  • Veröffentlicht 26.06.2017 07:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

  • EPSS 0.36%
  • Veröffentlicht 25.06.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

  • EPSS 1.68%
  • Veröffentlicht 25.06.2017 13:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in I...

  • EPSS 4.34%
  • Veröffentlicht 22.06.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

  • EPSS 2%
  • Veröffentlicht 22.06.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • EPSS 0.36%
  • Veröffentlicht 21.06.2017 15:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacke...

  • EPSS 3.82%
  • Veröffentlicht 21.06.2017 07:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

  • EPSS 20.23%
  • Veröffentlicht 20.06.2017 01:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

  • EPSS 57.47%
  • Veröffentlicht 20.06.2017 01:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke...

  • EPSS 2.73%
  • Veröffentlicht 19.06.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t...