Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-41853

  • EPSS 70.14%
  • Veröffentlicht 06.10.2022 18:17:07
  • Zuletzt bearbeitet 21.11.2024 07:23:56

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the cla...

7.5

CVE-2022-42003

Exploit
  • EPSS 0.32%
  • Veröffentlicht 02.10.2022 05:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:15

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enab...

7.5

CVE-2022-42004

Exploit
  • EPSS 0.27%
  • Veröffentlicht 02.10.2022 05:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:15

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choice...

4.2

CVE-2022-41849

  • EPSS 0.02%
  • Veröffentlicht 30.09.2022 06:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:56

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_di...

4.7

CVE-2022-41850

  • EPSS 0.03%
  • Veröffentlicht 30.09.2022 06:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:56

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

7.8

CVE-2022-3352

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.09.2022 12:15:09
  • Zuletzt bearbeitet 21.11.2024 07:19:21

Use After Free in GitHub repository vim/vim prior to 9.0.0614.

9.8

CVE-2016-2338

Exploit
  • EPSS 13.46%
  • Veröffentlicht 29.09.2022 03:15:11
  • Zuletzt bearbeitet 21.11.2024 02:48:15

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed a...

6.5

CVE-2022-31629

Exploit
  • EPSS 15.42%
  • Veröffentlicht 28.09.2022 23:15:10
  • Zuletzt bearbeitet 04.11.2025 18:15:39

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

5.5

CVE-2022-31628

  • EPSS 0.04%
  • Veröffentlicht 28.09.2022 23:15:09
  • Zuletzt bearbeitet 21.11.2024 07:04:53

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

7.8

CVE-2022-1270

Exploit
  • EPSS 0.05%
  • Veröffentlicht 28.09.2022 20:15:10
  • Zuletzt bearbeitet 21.05.2025 15:15:55

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.