Debian

Debian Linux

9142 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2023-28686

  • EPSS 0.16%
  • Veröffentlicht 24.03.2023 04:15:55
  • Zuletzt bearbeitet 19.02.2025 22:15:16

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then...

7.8

CVE-2023-0386

Warnung
  • EPSS 56.35%
  • Veröffentlicht 22.03.2023 21:15:18
  • Zuletzt bearbeitet 18.06.2025 15:00:59

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This...

8.6

CVE-2022-42333

  • EPSS 0.41%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

6.5

CVE-2022-42334

  • EPSS 0.05%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

7.8

CVE-2022-42332

  • EPSS 0.03%
  • Veröffentlicht 21.03.2023 13:15:11
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory...

7

CVE-2023-28466

  • EPSS 0.02%
  • Veröffentlicht 16.03.2023 00:15:11
  • Zuletzt bearbeitet 05.05.2025 16:15:34

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

7.5

CVE-2023-27530

  • EPSS 2.06%
  • Veröffentlicht 10.03.2023 22:15:10
  • Zuletzt bearbeitet 13.02.2025 15:37:40

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

7.5

CVE-2023-27522

  • EPSS 0.7%
  • Veröffentlicht 07.03.2023 16:15:09
  • Zuletzt bearbeitet 01.05.2025 15:34:19

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the cli...

6

CVE-2023-0330

  • EPSS 0.02%
  • Veröffentlicht 06.03.2023 23:15:11
  • Zuletzt bearbeitet 21.11.2024 07:36:59

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

7.1

CVE-2023-1161

  • EPSS 0.11%
  • Veröffentlicht 06.03.2023 21:15:10
  • Zuletzt bearbeitet 05.03.2025 21:15:15

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file