Debian

Debian Linux

9140 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Warning Media report Exploit
  • EPSS 23.61%
  • Published 30.06.2025 00:00:00
  • Last modified 30.09.2025 13:30:30

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  • EPSS 0.07%
  • Published 26.06.2025 20:52:47
  • Last modified 06.08.2025 16:38:04

pdns, specifically as packaged in Debian in versions before 3.3.1-1, creates an overly privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant overly broad database permissions to the pdns user. Other backends are not affec...

Exploit
  • EPSS 0.05%
  • Published 30.05.2025 13:13:26
  • Last modified 27.08.2025 17:16:21

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, suc...

  • EPSS 0.22%
  • Published 22.05.2025 00:47:04
  • Last modified 13.08.2025 15:57:22

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to ex...

Exploit
  • EPSS 0.16%
  • Published 17.05.2025 15:46:11
  • Last modified 12.06.2025 16:29:01

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write fi...

Exploit
  • EPSS 0.06%
  • Published 07.05.2025 15:12:02
  • Last modified 22.09.2025 10:33:37

syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but sh...

Exploit
  • EPSS 0.13%
  • Published 02.05.2025 20:31:05
  • Last modified 17.06.2025 14:17:53

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regula...

  • EPSS 0.96%
  • Published 29.04.2025 11:56:50
  • Last modified 28.07.2025 14:15:27

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes c...

  • EPSS 0.08%
  • Published 23.04.2025 15:38:11
  • Last modified 05.09.2025 14:31:22

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, t...

  • EPSS 0.03%
  • Published 10.04.2025 00:00:00
  • Last modified 22.05.2025 16:51:54

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.