Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 7552 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42722 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-11-21 N/A 5.5 MEDIUM
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
CVE-2022-42721 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-11-21 N/A 5.5 MEDIUM
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
CVE-2022-42720 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-11-21 N/A 7.8 HIGH
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2022-11-21 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2022-39261 4 Debian, Drupal, Fedoraproject and 1 more 4 Debian Linux, Drupal, Fedora and 1 more 2022-11-21 N/A 7.5 HIGH
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
CVE-2021-3999 3 Debian, Gnu, Netapp 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more 2022-11-21 N/A 7.8 HIGH
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVE-2022-2663 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-11-21 N/A 5.3 MEDIUM
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2020-25596 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.
CVE-2020-12460 3 Debian, Fedoraproject, Trusteddomain 3 Debian Linux, Fedora, Opendmarc 2022-11-21 7.5 HIGH 9.8 CRITICAL
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
CVE-2022-25763 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2022-11-21 N/A 7.5 HIGH
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-31779 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2022-11-21 N/A 7.5 HIGH
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2020-14356 6 Canonical, Debian, Linux and 3 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2022-11-18 7.2 HIGH 7.8 HIGH
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2013-0900 5 Apple, Debian, Google and 2 more 5 Mac Os X, Debian Linux, Chrome and 2 more 2022-11-18 6.8 MEDIUM N/A
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2022-22577 2 Debian, Rubyonrails 2 Debian Linux, Actionpack 2022-11-18 4.3 MEDIUM 6.1 MEDIUM
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
CVE-2022-43680 3 Debian, Fedoraproject, Libexpat Project 3 Debian Linux, Fedora, Libexpat 2022-11-18 N/A 7.5 HIGH
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2021-3796 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2022-11-18 6.8 MEDIUM 7.3 HIGH
vim is vulnerable to Use After Free
CVE-2022-21831 2 Debian, Rubyonrails 2 Debian Linux, Active Storage 2022-11-18 6.8 MEDIUM 9.8 CRITICAL
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
CVE-2021-3778 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2022-11-18 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-24763 2 Debian, Pjsip 2 Debian Linux, Pjsip 2022-11-18 5.0 MEDIUM 7.5 HIGH
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.
CVE-2021-43845 2 Debian, Teluu 2 Debian Linux, Pjsip 2022-11-18 6.4 MEDIUM 9.1 CRITICAL
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.