Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 70.48%
  • Veröffentlicht 28.07.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:02:30

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

  • EPSS 0.92%
  • Veröffentlicht 28.07.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 07:01:14

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes...

  • EPSS 5.54%
  • Veröffentlicht 27.07.2022 20:15:08
  • Zuletzt bearbeitet 05.05.2025 16:15:18

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encou...

  • EPSS 0.31%
  • Veröffentlicht 27.07.2022 04:15:10
  • Zuletzt bearbeitet 05.05.2025 16:15:17

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

  • EPSS 0.29%
  • Veröffentlicht 26.07.2022 13:15:10
  • Zuletzt bearbeitet 21.11.2024 07:08:27

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code ...

  • EPSS 0.8%
  • Veröffentlicht 25.07.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:53:43

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization ...

  • EPSS 1.14%
  • Veröffentlicht 25.07.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:53:43

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encode...

Exploit
  • EPSS 1.64%
  • Veröffentlicht 25.07.2022 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:37:35

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

Exploit
  • EPSS 0.75%
  • Veröffentlicht 24.07.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:34:46

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code exe...

Exploit
  • EPSS 1.79%
  • Veröffentlicht 22.07.2022 04:15:14
  • Zuletzt bearbeitet 21.11.2024 07:04:02

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to rela...