Total
8865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22795 | 3 Debian, Ruby-lang, Rubyonrails | 3 Debian Linux, Ruby, Rails | 2024-02-28 | N/A | 7.5 HIGH |
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
CVE-2023-24757 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 5.5 MEDIUM |
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
CVE-2022-41838 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2023-23009 | 2 Debian, Libreswan | 2 Debian Linux, Libreswan | 2024-02-28 | N/A | 6.5 MEDIUM |
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | |||||
CVE-2022-46648 | 2 Debian, Ruby-git Project | 2 Debian Linux, Ruby-git | 2024-02-28 | N/A | 8.0 HIGH |
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. | |||||
CVE-2022-4283 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
CVE-2023-24755 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 5.5 MEDIUM |
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
CVE-2023-24754 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 5.5 MEDIUM |
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
CVE-2022-34680 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | |||||
CVE-2022-4337 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2024-02-28 | N/A | 9.8 CRITICAL |
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
CVE-2022-46342 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | |||||
CVE-2022-4515 | 2 Debian, Exuberant Ctags Project | 2 Debian Linux, Exuberant Ctags | 2024-02-28 | N/A | 7.8 HIGH |
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. | |||||
CVE-2020-36659 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Apache\ | 2024-02-28 | N/A | 8.1 HIGH |
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. | |||||
CVE-2022-43601 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | |||||
CVE-2022-42329 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | |||||
CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2024-02-28 | N/A | 7.8 HIGH |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2022-43592 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 5.9 MEDIUM |
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2024-02-28 | N/A | 7.5 HIGH |
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
CVE-2023-23455 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
CVE-2022-47950 | 2 Debian, Openstack | 2 Debian Linux, Swift | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). |