Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2022-41674

Exploit
  • EPSS 0.51%
  • Veröffentlicht 14.10.2022 00:15:09
  • Zuletzt bearbeitet 15.05.2025 15:16:06

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

7.8

CVE-2022-42720

Exploit
  • EPSS 0.65%
  • Veröffentlicht 14.10.2022 00:15:09
  • Zuletzt bearbeitet 15.05.2025 21:15:49

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute c...

5.5

CVE-2022-42721

Exploit
  • EPSS 0.02%
  • Veröffentlicht 14.10.2022 00:15:09
  • Zuletzt bearbeitet 15.05.2025 21:15:49

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

5.5

CVE-2022-42722

Exploit
  • EPSS 0.08%
  • Veröffentlicht 14.10.2022 00:15:09
  • Zuletzt bearbeitet 21.11.2024 07:25:13

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

8.8

CVE-2022-42719

Exploit
  • EPSS 0.6%
  • Veröffentlicht 13.10.2022 23:15:11
  • Zuletzt bearbeitet 15.05.2025 21:15:48

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

8.8

CVE-2022-42902

  • EPSS 1.87%
  • Veröffentlicht 13.10.2022 03:15:09
  • Zuletzt bearbeitet 15.05.2025 17:15:47

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided ...

7.8

CVE-2022-42906

Exploit
  • EPSS 0.57%
  • Veröffentlicht 13.10.2022 03:15:09
  • Zuletzt bearbeitet 15.05.2025 17:15:47

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstat...

7.5

CVE-2021-36369

  • EPSS 0.14%
  • Veröffentlicht 12.10.2022 21:15:09
  • Zuletzt bearbeitet 15.05.2025 19:15:53

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypa...

9.8

CVE-2022-37601

Exploit
  • EPSS 19.28%
  • Veröffentlicht 12.10.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:15:02

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

7.5

CVE-2022-41404

Exploit
  • EPSS 0.75%
  • Veröffentlicht 11.10.2022 23:15:10
  • Zuletzt bearbeitet 09.06.2025 16:15:33

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.