Debian

Debian Linux

9979 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.42%
  • Published 05.07.2023 09:15:09
  • Last modified 21.11.2024 08:11:11

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115...

  • EPSS 9.6%
  • Published 03.07.2023 13:15:09
  • Last modified 04.11.2025 18:15:40

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Exploit
  • EPSS 7.72%
  • Published 30.06.2023 22:15:10
  • Last modified 21.11.2024 08:17:02

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

Exploit
  • EPSS 0.01%
  • Published 28.06.2023 20:15:09
  • Last modified 13.02.2025 17:16:55

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnera...

  • EPSS 0.02%
  • Published 28.06.2023 20:15:09
  • Last modified 13.02.2025 17:16:56

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past comm...

  • EPSS 4.6%
  • Published 26.06.2023 21:15:09
  • Last modified 05.05.2025 16:15:45

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.76%
  • Published 26.06.2023 21:15:09
  • Last modified 05.05.2025 16:15:45

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.2%
  • Published 26.06.2023 21:15:09
  • Last modified 21.11.2024 08:17:13

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 60.67%
  • Published 25.06.2023 22:15:21
  • Last modified 05.05.2025 16:15:42

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

  • EPSS 6.43%
  • Published 25.06.2023 22:15:21
  • Last modified 05.12.2024 15:15:07

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).