Debian

Debian Linux

9140 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Warning Media report Exploit
  • EPSS 23.61%
  • Published 30.06.2025 00:00:00
  • Last modified 30.09.2025 13:30:30

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  • EPSS 0.07%
  • Published 26.06.2025 20:52:47
  • Last modified 06.08.2025 16:38:04

pdns, specifically as packaged in Debian in versions before 3.3.1-1, creates an overly privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant overly broad database permissions to the pdns user. Other backends are not affec...

Exploit
  • EPSS 0.05%
  • Published 30.05.2025 13:13:26
  • Last modified 27.08.2025 17:16:21

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, suc...

  • EPSS 0.22%
  • Published 22.05.2025 00:47:04
  • Last modified 13.08.2025 15:57:22

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to ex...

Exploit
  • EPSS 0.16%
  • Published 17.05.2025 15:46:11
  • Last modified 12.06.2025 16:29:01

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write fi...

Exploit
  • EPSS 0.06%
  • Published 07.05.2025 15:12:02
  • Last modified 22.09.2025 10:33:37

syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but sh...

Exploit
  • EPSS 0.13%
  • Published 02.05.2025 20:31:05
  • Last modified 17.06.2025 14:17:53

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regula...

  • EPSS 0.96%
  • Published 29.04.2025 11:56:50
  • Last modified 28.07.2025 14:15:27

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes c...

  • EPSS 0.08%
  • Published 23.04.2025 15:38:11
  • Last modified 05.09.2025 14:31:22

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, t...

  • EPSS 0.03%
  • Published 10.04.2025 00:00:00
  • Last modified 22.05.2025 16:51:54

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.