Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.09%
  • Veröffentlicht 18.08.2014 11:15:27
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of...

  • EPSS 24.39%
  • Veröffentlicht 18.08.2014 11:15:27
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption...

  • EPSS 1.85%
  • Veröffentlicht 18.08.2014 11:15:26
  • Zuletzt bearbeitet 06.05.2026 22:30:45

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a b...

  • EPSS 6.42%
  • Veröffentlicht 14.08.2014 05:01:49
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corru...

  • EPSS 6.61%
  • Veröffentlicht 14.08.2014 05:01:49
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) ...

  • EPSS 1.65%
  • Veröffentlicht 13.08.2014 04:57:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have u...

  • EPSS 1.48%
  • Veröffentlicht 13.08.2014 04:57:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtai...

  • EPSS 1.2%
  • Veröffentlicht 13.08.2014 04:57:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • EPSS 0.47%
  • Veröffentlicht 01.08.2014 11:13:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory lo...

  • EPSS 4.94%
  • Veröffentlicht 23.07.2014 11:12:43
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attacke...