Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.34%
  • Veröffentlicht 25.11.2014 23:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploit
  • EPSS 18.35%
  • Veröffentlicht 24.11.2014 16:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

  • EPSS 2.2%
  • Veröffentlicht 24.11.2014 15:59:19
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

  • EPSS 82.23%
  • Veröffentlicht 24.11.2014 15:59:17
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

  • EPSS 2.46%
  • Veröffentlicht 24.11.2014 15:59:16
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.

  • EPSS 0.58%
  • Veröffentlicht 24.11.2014 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

  • EPSS 0.41%
  • Veröffentlicht 19.11.2014 18:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJM...

  • EPSS 2.22%
  • Veröffentlicht 19.11.2014 18:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation ser...

Exploit
  • EPSS 0.59%
  • Veröffentlicht 18.11.2014 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vu...

  • EPSS 3.89%
  • Veröffentlicht 15.11.2014 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that tr...