Debian

Debian Linux

9302 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2024-5696

  • EPSS 2.24%
  • Veröffentlicht 11.06.2024 13:15:51
  • Zuletzt bearbeitet 06.11.2025 22:25:36

By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

4.3

CVE-2024-5690

  • EPSS 3.72%
  • Veröffentlicht 11.06.2024 13:15:50
  • Zuletzt bearbeitet 26.03.2025 14:15:31

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

7.8

CVE-2024-36971

Warnung
  • EPSS 0.44%
  • Veröffentlicht 10.06.2024 09:15:09
  • Zuletzt bearbeitet 05.11.2025 19:19:56

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we ...

6.1

CVE-2024-37384

  • EPSS 0.4%
  • Veröffentlicht 07.06.2024 04:15:30
  • Zuletzt bearbeitet 01.05.2025 19:51:01

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

6.1

CVE-2024-37383

Warnung
  • EPSS 66.36%
  • Veröffentlicht 07.06.2024 04:15:30
  • Zuletzt bearbeitet 31.10.2025 12:48:27

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

8.1

CVE-2024-5629

  • EPSS 0.09%
  • Veröffentlicht 05.06.2024 15:15:12
  • Zuletzt bearbeitet 21.11.2024 09:48:02

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

9.1

CVE-2024-5197

Exploit
  • EPSS 0.22%
  • Veröffentlicht 03.06.2024 14:15:09
  • Zuletzt bearbeitet 22.07.2025 18:17:56

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of t...

7.1

CVE-2024-36960

  • EPSS 0.01%
  • Veröffentlicht 03.06.2024 08:15:09
  • Zuletzt bearbeitet 01.04.2025 18:36:15

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was...

5.5

CVE-2024-36954

  • EPSS 0.02%
  • Veröffentlicht 30.05.2024 16:15:18
  • Zuletzt bearbeitet 14.01.2025 16:27:50

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on...

5.5

CVE-2024-36941

  • EPSS 0.02%
  • Veröffentlicht 30.05.2024 16:15:17
  • Zuletzt bearbeitet 20.05.2025 15:16:04

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.