Debian

Debian Linux

9950 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.09%
  • Published 23.02.2023 20:15:13
  • Last modified 12.03.2025 19:15:36

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms...

  • EPSS 1.58%
  • Published 22.02.2023 07:15:10
  • Last modified 18.03.2025 17:15:42

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

Exploit
  • EPSS 0.44%
  • Published 21.02.2023 16:15:11
  • Last modified 17.03.2025 17:15:15

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.

  • EPSS 0.52%
  • Published 20.02.2023 23:15:12
  • Last modified 18.03.2025 16:15:14

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may u...

  • EPSS 53.53%
  • Published 20.02.2023 16:15:10
  • Last modified 03.11.2025 22:16:05

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limi...

Exploit
  • EPSS 3.62%
  • Published 15.02.2023 18:15:11
  • Last modified 19.03.2025 18:15:18

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...

  • EPSS 25.41%
  • Published 15.02.2023 01:15:10
  • Last modified 18.03.2025 20:15:18

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory...

  • EPSS 29.94%
  • Published 14.02.2023 19:15:11
  • Last modified 20.03.2025 20:15:29

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to trunca...

Exploit
  • EPSS 0.04%
  • Published 09.02.2023 22:15:11
  • Last modified 21.11.2024 07:37:47

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

  • EPSS 1.52%
  • Published 09.02.2023 20:15:11
  • Last modified 21.11.2024 07:45:26

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtrac...