Debian

Debian 9 (stretch)

363 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2020-24586

Exploit
  • EPSS 1.46%
  • Veröffentlicht 11.05.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:15:03

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when a...

2.6

CVE-2020-24587

Exploit
  • EPSS 0.49%
  • Veröffentlicht 11.05.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 05:15:05

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragmen...

3.5

CVE-2020-24588

Exploit
  • EPSS 0.31%
  • Veröffentlicht 11.05.2021 20:15:08
  • Zuletzt bearbeitet 14.04.2026 09:16:20

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP...

5.3

CVE-2020-26139

  • EPSS 2.25%
  • Veröffentlicht 11.05.2021 20:15:08
  • Zuletzt bearbeitet 14.04.2026 09:16:21

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denia...

5.4

CVE-2020-26147

  • EPSS 0.19%
  • Veröffentlicht 11.05.2021 20:15:08
  • Zuletzt bearbeitet 14.04.2026 10:16:18

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragme...

7

CVE-2021-32399

Exploit
  • EPSS 0.06%
  • Veröffentlicht 10.05.2021 22:15:06
  • Zuletzt bearbeitet 21.11.2024 06:06:59

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

6.7

CVE-2021-31916

  • EPSS 0.11%
  • Veröffentlicht 06.05.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:06:30

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gai...

7

CVE-2021-23133

Exploit
  • EPSS 0.09%
  • Veröffentlicht 22.04.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:16

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr...

5.5

CVE-2020-36322

  • EPSS 0.04%
  • Veröffentlicht 14.04.2021 06:15:12
  • Zuletzt bearbeitet 21.11.2024 05:29:16

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulne...

7.8

CVE-2021-29154

  • EPSS 0.04%
  • Veröffentlicht 08.04.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:47

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.