Debian

Debian Linux

9142 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.07%
  • Published 21.01.2023 01:15:15
  • Last modified 02.04.2025 16:15:32

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

  • EPSS 0.09%
  • Published 20.01.2023 19:15:18
  • Last modified 02.04.2025 17:15:34

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

  • EPSS 0.51%
  • Published 20.01.2023 19:15:17
  • Last modified 03.07.2025 20:59:18

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C l...

Exploit
  • EPSS 0.18%
  • Published 18.01.2023 17:15:10
  • Last modified 04.04.2025 16:15:16

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthor...

Exploit
  • EPSS 50.16%
  • Published 18.01.2023 17:15:10
  • Last modified 04.04.2025 16:15:16

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to proce...

Exploit
  • EPSS 0.03%
  • Published 17.01.2023 21:15:14
  • Last modified 04.04.2025 18:15:43

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and...

  • EPSS 1.77%
  • Published 17.01.2023 10:15:11
  • Last modified 21.11.2024 07:30:51

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47...

  • EPSS 0.69%
  • Published 17.01.2023 10:15:11
  • Last modified 04.04.2025 16:15:16

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46...

Exploit
  • EPSS 0.24%
  • Published 14.01.2023 01:15:15
  • Last modified 07.04.2025 19:15:52

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

  • EPSS 0.02%
  • Published 13.01.2023 01:15:10
  • Last modified 05.05.2025 16:15:30

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.