Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 8.9%
  • Veröffentlicht 23.12.2013 22:55:03
  • Zuletzt bearbeitet 29.04.2026 01:13:23

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

  • EPSS 2.76%
  • Veröffentlicht 23.12.2013 22:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to ...

  • EPSS 1.68%
  • Veröffentlicht 09.12.2013 16:36:49
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have uns...

  • EPSS 3.12%
  • Veröffentlicht 07.12.2013 21:55:09
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

  • EPSS 2.54%
  • Veröffentlicht 07.12.2013 20:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

  • EPSS 4.58%
  • Veröffentlicht 28.11.2013 04:37:39
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte...

  • EPSS 10.72%
  • Veröffentlicht 20.11.2013 14:12:30
  • Zuletzt bearbeitet 29.04.2026 01:13:23

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple...

  • EPSS 5.42%
  • Veröffentlicht 20.11.2013 14:12:30
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

  • EPSS 10.12%
  • Veröffentlicht 19.11.2013 04:50:56
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of s...

  • EPSS 6.09%
  • Veröffentlicht 18.11.2013 05:23:57
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.