Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8001 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11358 2 Debian, Sound Exchange Project 2 Debian Linux, Sound Exchange 2023-02-05 4.3 MEDIUM 5.5 MEDIUM
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CVE-2023-22809 3 Debian, Fedoraproject, Sudo Project 3 Debian Linux, Fedora, Sudo 2023-02-05 N/A 7.8 HIGH
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2018-3838 2 Debian, Libsdl 2 Debian Linux, Sdl Image 2023-02-04 4.3 MEDIUM 6.5 MEDIUM
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-13749 5 Apple, Debian, Fedoraproject and 2 more 8 Iphone Os, Debian Linux, Fedora and 5 more 2023-02-04 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13754 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-02-04 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2019-13750 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-02-04 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
CVE-2022-28356 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-03 2.1 LOW 5.5 MEDIUM
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2021-4197 5 Broadcom, Debian, Linux and 2 more 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more 2023-02-03 7.2 HIGH 7.8 HIGH
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2019-18422 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2023-02-03 8.5 HIGH 8.8 HIGH
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
CVE-2019-13725 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-02-03 6.8 MEDIUM 8.8 HIGH
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2021-3475 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
CVE-2021-3474 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
CVE-2020-16588 2 Debian, Openexr 2 Debian Linux, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
CVE-2022-41853 2 Debian, Hsqldb 2 Debian Linux, Hypersql Database 2023-02-03 N/A 9.8 CRITICAL
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
CVE-2019-17349 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
CVE-2021-3941 4 Debian, Fedoraproject, Openexr and 1 more 4 Debian Linux, Fedora, Openexr and 1 more 2023-02-03 2.1 LOW 6.5 MEDIUM
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
CVE-2021-3933 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
CVE-2022-0730 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2023-02-03 6.8 MEDIUM 9.8 CRITICAL
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2021-45942 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
CVE-2021-26260 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.