Debian

Debian Linux

9950 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.47%
  • Published 18.11.2022 21:15:11
  • Last modified 29.04.2025 19:15:52

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

  • EPSS 0.29%
  • Published 15.11.2022 23:15:27
  • Last modified 21.11.2024 07:24:03

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well...

Exploit
  • EPSS 0.11%
  • Published 13.11.2022 08:15:16
  • Last modified 21.11.2024 07:20:38

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. Th...

Exploit
  • EPSS 0.06%
  • Published 12.11.2022 05:15:12
  • Last modified 13.02.2026 20:16:14

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

  • EPSS 3.55%
  • Published 09.11.2022 07:15:10
  • Last modified 01.05.2025 15:15:58

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

  • EPSS 0.95%
  • Published 09.11.2022 06:15:09
  • Last modified 01.05.2025 15:15:58

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request...

  • EPSS 0.34%
  • Published 09.11.2022 04:15:10
  • Last modified 21.11.2024 07:20:26

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.32%
  • Published 09.11.2022 04:15:10
  • Last modified 21.11.2024 07:20:26

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.37%
  • Published 09.11.2022 04:15:10
  • Last modified 21.11.2024 07:20:26

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • EPSS 0.26%
  • Published 09.11.2022 04:15:10
  • Last modified 21.11.2024 07:20:27

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)