Debian

Debian Linux

9142 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 19.69%
  • Published 14.02.2023 19:15:11
  • Last modified 20.03.2025 20:15:29

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to trunca...

Exploit
  • EPSS 0.04%
  • Published 09.02.2023 22:15:11
  • Last modified 21.11.2024 07:37:47

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

  • EPSS 1.36%
  • Published 09.02.2023 20:15:11
  • Last modified 21.11.2024 07:45:26

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtrac...

  • EPSS 1.01%
  • Published 01.02.2023 19:15:08
  • Last modified 27.03.2025 15:15:45

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the ra...

Warning
  • EPSS 0.03%
  • Published 30.01.2023 14:15:10
  • Last modified 16.09.2025 14:15:56

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the syst...

  • EPSS 0.13%
  • Published 27.01.2023 05:15:17
  • Last modified 03.04.2025 13:15:40

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example...

  • EPSS 0.13%
  • Published 27.01.2023 05:15:12
  • Last modified 28.03.2025 18:15:15

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fix...

Exploit
  • EPSS 0.57%
  • Published 26.01.2023 22:15:25
  • Last modified 31.03.2025 17:15:39

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image ...

  • EPSS 0.09%
  • Published 26.01.2023 21:18:07
  • Last modified 02.04.2025 16:15:30

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Exploit
  • EPSS 0.01%
  • Published 23.01.2023 03:15:09
  • Last modified 03.04.2025 14:15:23

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.