Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.71%
  • Veröffentlicht 27.09.2016 15:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

  • EPSS 41.68%
  • Veröffentlicht 26.09.2016 19:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

  • EPSS 1.08%
  • Veröffentlicht 26.09.2016 15:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

Exploit
  • EPSS 6.96%
  • Veröffentlicht 26.09.2016 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based b...

  • EPSS 1.86%
  • Veröffentlicht 25.09.2016 20:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

  • EPSS 4.15%
  • Veröffentlicht 25.09.2016 10:59:41
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • EPSS 3.77%
  • Veröffentlicht 22.09.2016 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

Exploit
  • EPSS 7.11%
  • Veröffentlicht 21.09.2016 14:25:28
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

  • EPSS 1.06%
  • Veröffentlicht 21.09.2016 14:25:26
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

  • EPSS 2.29%
  • Veröffentlicht 21.09.2016 14:25:21
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 ...