Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9011 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47518 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
CVE-2022-47318 3 Debian, Fedoraproject, Ruby-git Project 3 Debian Linux, Fedora, Ruby-git 2024-11-21 N/A 8.0 HIGH
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
CVE-2022-47184 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-11-21 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
CVE-2022-46877 2 Debian, Mozilla 2 Debian Linux, Firefox 2024-11-21 N/A 4.3 MEDIUM
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
CVE-2022-46871 2 Debian, Mozilla 2 Debian Linux, Firefox 2024-11-21 N/A 8.8 HIGH
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
CVE-2022-46648 2 Debian, Ruby-git Project 2 Debian Linux, Ruby-git 2024-11-21 N/A 8.0 HIGH
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
CVE-2022-46391 3 Awstats, Debian, Fedoraproject 3 Awstats, Debian Linux, Fedora 2024-11-21 N/A 6.1 MEDIUM
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
CVE-2022-46344 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46343 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVE-2022-46341 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46340 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46338 2 Debian, G810-led Project 2 Debian Linux, G810-led 2024-11-21 N/A 6.5 MEDIUM
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
CVE-2022-46329 3 Debian, Fedoraproject, Intel 6 Debian Linux, Fedora, Killer and 3 more 2024-11-21 N/A 8.2 HIGH
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-45939 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Emacs 2024-11-21 N/A 7.8 HIGH
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
CVE-2022-45934 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2024-11-21 N/A 7.8 HIGH
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45693 2 Debian, Jettison Project 2 Debian Linux, Jettison 2024-11-21 N/A 7.5 HIGH
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-45685 2 Debian, Jettison Project 2 Debian Linux, Jettison 2024-11-21 N/A 7.5 HIGH
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
CVE-2022-45442 2 Debian, Sinatrarb 2 Debian Linux, Sinatra 2024-11-21 N/A 8.8 HIGH
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVE-2022-45188 3 Debian, Fedoraproject, Netatalk 3 Debian Linux, Fedora, Netatalk 2024-11-21 N/A 7.8 HIGH
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).