Filtered by vendor Debian
Subscribe
Total
9004 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3625 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. | |||||
CVE-2022-41404 | 2 Debian, Ini4j Project | 2 Debian Linux, Ini4j | 2024-02-28 | N/A | 7.5 HIGH |
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
CVE-2022-45062 | 3 Debian, Fedoraproject, Xfce | 3 Debian Linux, Fedora, Xfce4-settings | 2024-02-28 | N/A | 9.8 CRITICAL |
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | |||||
CVE-2022-43253 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 6.5 MEDIUM |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
CVE-2022-43239 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-02-28 | N/A | 6.5 MEDIUM |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
CVE-2022-0718 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Oslo.utils, Openshift Container Platform and 1 more | 2024-02-28 | N/A | 4.9 MEDIUM |
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | |||||
CVE-2022-2978 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
CVE-2022-3235 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-28 | N/A | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 9.0.0490. | |||||
CVE-2022-38851 | 2 Debian, Mplayerhq | 3 Debian Linux, Mencoder, Mplayer | 2024-02-28 | N/A | 5.5 MEDIUM |
Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||||
CVE-2022-38648 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-02-28 | N/A | 5.3 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | |||||
CVE-2022-22728 | 3 Apache, Debian, Fedoraproject | 3 Libapreq2, Debian Linux, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | |||||
CVE-2022-32212 | 4 Debian, Fedoraproject, Nodejs and 1 more | 4 Debian Linux, Fedora, Node.js and 1 more | 2024-02-28 | N/A | 8.1 HIGH |
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | |||||
CVE-2022-32087 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | |||||
CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-02-28 | N/A | 8.0 HIGH |
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
CVE-2022-44792 | 3 Debian, Net-snmp, Netapp | 10 Debian Linux, Net-snmp, H300s and 7 more | 2024-02-28 | N/A | 6.5 MEDIUM |
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
CVE-2022-3599 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | |||||
CVE-2022-29900 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||||
CVE-2022-44793 | 3 Debian, Net-snmp, Netapp | 10 Debian Linux, Net-snmp, H300s and 7 more | 2024-02-28 | N/A | 6.5 MEDIUM |
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
CVE-2022-41853 | 2 Debian, Hsqldb | 2 Debian Linux, Hypersql Database | 2024-02-28 | N/A | 9.8 CRITICAL |
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. | |||||
CVE-2022-37616 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-02-28 | N/A | 9.8 CRITICAL |
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." |