Vulnerabilities in Debian

26 results
CVE-2022-0543 (CRITICAL, EPSS 99.7%, KEV): It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape
CVE-2022-1664 (EPSS 2.9%): directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
CVE-2017-5333 (EPSS 2.2%): Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to
CVE-2017-5332 (EPSS 2.1%): The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local use
CVE-2017-0359 (EPSS 1.9%): diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive
CVE-2020-3811 (EPSS 1.8%): qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
CVE-2021-20001 (EPSS 1.6%): It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure pe
CVE-2018-5735 (HIGH, EPSS 1.4%): Backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858
CVE-2020-3810 (EPSS 1.3%): Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing special
CVE-2016-1239 (EPSS 1.2%): duck before 0.10 did not properly handle loading of untrusted code from the current directory.
CVE-2023-7207 (MEDIUM, EPSS 0.9%): Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regre
CVE-2022-2787 (EPSS 0.8%): stricter rules on chroot names
CVE-2012-1093 (EPSS 0.6%): The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation d
CVE-2019-3467 (EPSS 0.5%): Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too per
CVE-2017-5331 (EPSS 0.5%): Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of ser
CVE-2014-7210 (CRITICAL, EPSS 0.4%): pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scr
CVE-2020-3812 (EPSS 0.4%): qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of fi
CVE-2026-2219 (HIGH, EPSS 0.4%): It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data s
CVE-2024-2312 (MEDIUM, EPSS 0.4%): GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after
CVE-2025-6297 (HIGH, EPSS 0.3%): dpkg-deb: Fix cleanup for control member with restricted directories