Filtered by vendor Debian
Subscribe
Total
9004 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3586 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. | |||||
CVE-2022-3324 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | N/A | 7.8 HIGH |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | |||||
CVE-2022-1355 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-02-28 | N/A | 6.1 MEDIUM |
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | |||||
CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
CVE-2022-40674 | 3 Debian, Fedoraproject, Libexpat Project | 3 Debian Linux, Fedora, Libexpat | 2024-02-28 | N/A | 8.1 HIGH |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | |||||
CVE-2022-38850 | 2 Debian, Mplayerhq | 2 Debian Linux, Mencoder | 2024-02-28 | N/A | 5.5 MEDIUM |
The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. | |||||
CVE-2022-32293 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-02-28 | N/A | 8.1 HIGH |
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | |||||
CVE-2022-33744 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. | |||||
CVE-2022-3550 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2024-02-28 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. | |||||
CVE-2022-40188 | 3 Debian, Fedoraproject, Nic | 3 Debian Linux, Fedora, Knot Resolver | 2024-02-28 | N/A | 7.5 HIGH |
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | |||||
CVE-2022-20422 | 2 Debian, Google | 2 Debian Linux, Android | 2024-02-28 | N/A | 7.0 HIGH |
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel | |||||
CVE-2022-43248 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 6.5 MEDIUM |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
CVE-2022-41704 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | |||||
CVE-2021-4037 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. | |||||
CVE-2022-40150 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2024-02-28 | N/A | 7.5 HIGH |
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. | |||||
CVE-2022-39190 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | |||||
CVE-2017-20148 | 1 Debian | 1 Logcheck | 2024-02-28 | N/A | 9.8 CRITICAL |
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | |||||
CVE-2020-21365 | 2 Debian, Wkhtmltopdf | 2 Debian Linux, Wkhtmltopdf | 2024-02-28 | N/A | 7.5 HIGH |
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | |||||
CVE-2022-31779 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-02-28 | 1.9 LOW | 6.5 MEDIUM |
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. |