Filtered by vendor Debian
Subscribe
Total
9004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3643 | 3 Broadcom, Debian, Linux | 3 Bcm5780, Debian Linux, Linux Kernel | 2024-02-28 | N/A | 6.5 MEDIUM |
| Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | |||||
| CVE-2023-24758 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-23920 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2024-02-28 | N/A | 4.2 MEDIUM |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | |||||
| CVE-2022-45685 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2024-02-28 | N/A | 7.5 HIGH |
| A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | |||||
| CVE-2022-46338 | 2 Debian, G810-led Project | 2 Debian Linux, G810-led | 2024-02-28 | N/A | 6.5 MEDIUM |
| g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | |||||
| CVE-2022-41988 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-0412 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | N/A | 7.1 HIGH |
| TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||
| CVE-2022-43594 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 5.9 MEDIUM |
| Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .bmp files. | |||||
| CVE-2022-43548 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2024-02-28 | N/A | 8.1 HIGH |
| A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | |||||
| CVE-2022-34670 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | |||||
| CVE-2022-4338 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2024-02-28 | N/A | 9.8 CRITICAL |
| An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2023-23454 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
| cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
| CVE-2022-23468 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2024-02-28 | N/A | 9.8 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-47518 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. | |||||
| CVE-2022-43602 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 8.1 HIGH |
| Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8` | |||||
| CVE-2022-45442 | 2 Debian, Sinatrarb | 2 Debian Linux, Sinatra | 2024-02-28 | N/A | 8.8 HIGH |
| Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | |||||
| CVE-2023-25221 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 7.8 HIGH |
| Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | |||||
| CVE-2022-43600 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-28 | N/A | 8.1 HIGH |
| Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16` | |||||
| CVE-2022-23478 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2024-02-28 | N/A | 9.8 CRITICAL |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2022-47318 | 3 Debian, Fedoraproject, Ruby-git Project | 3 Debian Linux, Fedora, Ruby-git | 2024-02-28 | N/A | 8.0 HIGH |
| ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. | |||||