Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.38%
  • Veröffentlicht 06.12.2022 05:15:11
  • Zuletzt bearbeitet 03.11.2025 22:15:57

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...

  • EPSS 2.06%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:02:12

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.

  • EPSS 1.8%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:02:12

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.

Exploit
  • EPSS 4.33%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 13.02.2026 20:16:13

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request wh...

Exploit
  • EPSS 1.87%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:32

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, i...

Exploit
  • EPSS 2.59%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:32

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

  • EPSS 14.02%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:38

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid befor...

  • EPSS 0.66%
  • Veröffentlicht 04.12.2022 03:15:09
  • Zuletzt bearbeitet 24.04.2025 16:15:23

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

  • EPSS 1.86%
  • Veröffentlicht 03.12.2022 15:15:09
  • Zuletzt bearbeitet 24.04.2025 16:15:18

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. T...

  • EPSS 0.66%
  • Veröffentlicht 30.11.2022 06:15:11
  • Zuletzt bearbeitet 24.04.2025 19:15:44

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.