CVE-2020-28613
- EPSS 0.34%
- Published 18.04.2022 17:15:12
- Last modified 21.11.2024 05:23:01
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attack...
CVE-2020-28614
- EPSS 0.34%
- Published 18.04.2022 17:15:12
- Last modified 21.11.2024 05:23:01
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attack...
CVE-2022-24851
- EPSS 0.94%
- Published 15.04.2022 19:15:12
- Last modified 21.11.2024 06:51:14
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XS...
CVE-2022-28041
- EPSS 0.97%
- Published 15.04.2022 14:15:07
- Last modified 21.11.2024 06:56:39
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2022-28042
- EPSS 0.43%
- Published 15.04.2022 14:15:07
- Last modified 21.11.2024 06:56:40
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.
CVE-2022-28044
- EPSS 0.27%
- Published 15.04.2022 14:15:07
- Last modified 21.11.2024 06:56:40
lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
CVE-2022-26498
- EPSS 0.24%
- Published 15.04.2022 05:15:06
- Last modified 21.11.2024 06:54:03
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fix...
CVE-2022-26499
- EPSS 0.3%
- Published 15.04.2022 05:15:06
- Last modified 21.11.2024 06:54:03
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
CVE-2022-26651
- EPSS 0.18%
- Published 15.04.2022 05:15:06
- Last modified 21.11.2024 06:54:15
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a ...
CVE-2022-1328
- EPSS 0.17%
- Published 14.04.2022 21:15:08
- Last modified 21.11.2024 06:40:29
Buffer overflow in the uudecoder in Mutt, affecting all versions starting from 0.94.13 before 2.2.3, allows a read past the end of an input line.