- EPSS 0.15%
- Published 30.01.2023 14:15:10
- Last modified 24.10.2025 13:54:46
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the syst...
CVE-2020-36659
- EPSS 0.31%
- Published 27.01.2023 05:15:17
- Last modified 03.04.2025 13:15:40
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example...
CVE-2020-36658
- EPSS 0.18%
- Published 27.01.2023 05:15:12
- Last modified 28.03.2025 18:15:15
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fix...
CVE-2022-47951
- EPSS 0.62%
- Published 26.01.2023 22:15:25
- Last modified 31.03.2025 17:15:39
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image ...
CVE-2023-0412
- EPSS 0.22%
- Published 26.01.2023 21:18:07
- Last modified 03.11.2025 22:16:02
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.
CVE-2022-48281
- EPSS 0.01%
- Published 23.01.2023 03:15:09
- Last modified 03.04.2025 14:15:23
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVE-2023-24038
- EPSS 0.11%
- Published 21.01.2023 01:15:15
- Last modified 02.04.2025 16:15:32
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
CVE-2023-24021
- EPSS 0.1%
- Published 20.01.2023 19:15:18
- Last modified 02.04.2025 17:15:34
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2022-48279
- EPSS 0.65%
- Published 20.01.2023 19:15:17
- Last modified 03.07.2025 20:59:18
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C l...
CVE-2022-47950
- EPSS 0.23%
- Published 18.01.2023 17:15:10
- Last modified 04.04.2025 16:15:16
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthor...