Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 5293 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24511 3 Debian, Intel, Netapp 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more 2021-07-26 2.1 LOW 6.5 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24513 2 Debian, Intel 65 Debian Linux, Atom C3308, Atom C3336 and 62 more 2021-07-26 2.1 LOW 6.5 MEDIUM
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-24489 2 Debian, Intel 214 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 211 more 2021-07-26 4.6 MEDIUM 8.8 HIGH
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24512 3 Debian, Intel, Netapp 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more 2021-07-26 2.1 LOW 3.3 LOW
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-21295 4 Debian, Netapp, Netty and 1 more 5 Debian Linux, Oncommand Api Services, Oncommand Workflow Automation and 2 more 2021-07-26 2.6 LOW 5.9 MEDIUM
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CVE-2019-10181 3 Debian, Icedtea-web Project, Opensuse 3 Debian Linux, Icedtea-web, Leap 2021-07-24 6.8 MEDIUM 8.1 HIGH
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
CVE-2020-13959 2 Apache, Debian 2 Velocity Tools, Debian Linux 2021-07-24 4.3 MEDIUM 6.1 MEDIUM
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CVE-2020-13936 2 Apache, Debian 3 Velocity Engine, Wss4j, Debian Linux 2021-07-24 9.0 HIGH 8.8 HIGH
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE-2020-14409 3 Debian, Fedoraproject, Libsdl 3 Debian Linux, Fedora, Simple Directmedia Layer 2021-07-24 6.8 MEDIUM 7.8 HIGH
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
CVE-2019-10185 3 Debian, Icedtea-web Project, Opensuse 3 Debian Linux, Icedtea-web, Leap 2021-07-24 6.4 MEDIUM 8.6 HIGH
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
CVE-2020-36281 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2021-07-24 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
CVE-2020-36278 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2021-07-24 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
CVE-2020-36279 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2021-07-24 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
CVE-2020-14410 3 Debian, Fedoraproject, Libsdl 3 Debian Linux, Fedora, Simple Directmedia Layer 2021-07-24 5.8 MEDIUM 5.4 MEDIUM
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVE-2021-3518 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2021-07-23 6.8 MEDIUM 8.8 HIGH
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVE-2021-28169 2 Debian, Eclipse 2 Debian Linux, Jetty 2021-07-22 5.0 MEDIUM 5.3 MEDIUM
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2020-7069 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-07-22 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2021-21702 3 Debian, Netapp, Php 3 Debian Linux, Clustered Data Ontap, Php 2021-07-22 5.0 MEDIUM 7.5 HIGH
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
CVE-2020-7071 3 Debian, Netapp, Php 3 Debian Linux, Clustered Data Ontap, Php 2021-07-22 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
CVE-2019-16168 7 Canonical, Debian, Fedoraproject and 4 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2021-07-22 4.3 MEDIUM 6.5 MEDIUM
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."