Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
Source: Debian GNU/Linux
Max CVSS
4.3
EPSS Score
0.20%
Published
2022-08-27
Updated
2022-11-16
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
0.86%
Published
2022-05-26
Updated
2022-12-03

CVE-2022-0543

Known exploited
Public exploit
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Source: Debian GNU/Linux
Max CVSS
10.0
EPSS Score
97.11%
Published
2022-02-18
Updated
2023-09-29
CISA KEV Added
2022-03-28
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
0.18%
Published
2022-02-11
Updated
2022-02-22
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
Source: Debian GNU/Linux
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-05-26
Updated
2022-04-28
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
Source: Debian GNU/Linux
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-05-26
Updated
2022-04-28
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
Source: Debian GNU/Linux
Max CVSS
5.5
EPSS Score
0.13%
Published
2020-05-15
Updated
2022-04-27
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
Source: Debian GNU/Linux
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-12-23
Updated
2022-12-22
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Source: Debian GNU/Linux
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-20
Updated
2019-12-03
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
Source: Debian GNU/Linux
Max CVSS
8.8
EPSS Score
0.23%
Published
2019-11-07
Updated
2020-08-24
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
1.91%
Published
2019-02-06
Updated
2021-07-21
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
1.91%
Published
2019-02-06
Updated
2021-07-21
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Source: Debian GNU/Linux
Max CVSS
9.3
EPSS Score
3.61%
Published
2019-01-28
Updated
2020-08-24
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.
Source: Debian GNU/Linux
Max CVSS
7.0
EPSS Score
0.04%
Published
2019-02-04
Updated
2019-07-29
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
Source: Debian GNU/Linux
Max CVSS
6.5
EPSS Score
0.21%
Published
2019-04-11
Updated
2022-04-22
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
Source: Debian GNU/Linux
Max CVSS
6.5
EPSS Score
0.21%
Published
2019-04-11
Updated
2022-04-22
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
1.00%
Published
2018-09-05
Updated
2020-12-01
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.
Source: Debian GNU/Linux
Max CVSS
5.3
EPSS Score
0.18%
Published
2018-10-04
Updated
2018-11-23
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
Source: Debian GNU/Linux
Max CVSS
6.5
EPSS Score
1.19%
Published
2018-10-04
Updated
2019-10-18
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
Source: Debian GNU/Linux
Max CVSS
6.5
EPSS Score
0.26%
Published
2018-10-04
Updated
2019-10-29
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
Source: Debian GNU/Linux
Max CVSS
4.3
EPSS Score
0.29%
Published
2018-10-04
Updated
2019-10-18
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
0.92%
Published
2018-09-05
Updated
2020-12-01
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Source: Debian GNU/Linux
Max CVSS
5.9
EPSS Score
0.18%
Published
2018-08-21
Updated
2019-01-17
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Source: Debian GNU/Linux
Max CVSS
9.8
EPSS Score
1.33%
Published
2018-07-11
Updated
2020-08-24
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
Source: Debian GNU/Linux
Max CVSS
6.1
EPSS Score
0.13%
Published
2018-07-02
Updated
2018-08-28
633 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!