Debian

Debian Linux

9947 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2015-5727

  • EPSS 0.61%
  • Veröffentlicht 13.05.2016 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

7.5

CVE-2015-5726

  • EPSS 0.87%
  • Veröffentlicht 13.05.2016 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

5.5

CVE-2016-3712

  • EPSS 0.14%
  • Veröffentlicht 11.05.2016 21:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

8.8

CVE-2016-3710

  • EPSS 0.07%
  • Veröffentlicht 11.05.2016 21:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...

6.1

CVE-2016-1236

  • EPSS 0.4%
  • Veröffentlicht 11.05.2016 21:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in ...

6.1

CVE-2016-4561

  • EPSS 0.3%
  • Veröffentlicht 10.05.2016 19:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

8.8

CVE-2016-3105

  • EPSS 1.18%
  • Veröffentlicht 09.05.2016 20:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

10

CVE-2016-4422

  • EPSS 0.36%
  • Veröffentlicht 06.05.2016 17:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

9.3

CVE-2015-8868

  • EPSS 1.09%
  • Veröffentlicht 06.05.2016 17:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo...

3.3

CVE-2015-0858

  • EPSS 0.04%
  • Veröffentlicht 06.05.2016 17:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.