Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8963 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6345 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-06-17 N/A 9.6 CRITICAL
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVE-2023-42883 2 Apple, Debian 7 Ipados, Iphone Os, Macos and 4 more 2024-06-12 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
CVE-2018-8754 2 Debian, Libevt Project 2 Debian Linux, Libevt 2024-06-11 2.1 LOW 5.5 MEDIUM
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub
CVE-2019-25038 2 Debian, Nlnetlabs 2 Debian Linux, Unbound 2024-06-11 7.5 HIGH 9.8 CRITICAL
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2024-0567 4 Debian, Fedoraproject, Gnu and 1 more 4 Debian Linux, Fedora, Gnutls and 1 more 2024-06-10 N/A 7.5 HIGH
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVE-2023-32067 3 C-ares Project, Debian, Fedoraproject 3 C-ares, Debian Linux, Fedora 2024-06-10 N/A 7.5 HIGH
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
CVE-2023-20593 3 Amd, Debian, Xen 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more 2024-06-10 N/A 5.5 MEDIUM
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-20588 5 Amd, Debian, Fedoraproject and 2 more 78 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 75 more 2024-06-10 N/A 5.5 MEDIUM
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
CVE-2022-39253 4 Apple, Debian, Fedoraproject and 1 more 4 Xcode, Debian Linux, Fedora and 1 more 2024-06-10 N/A 5.5 MEDIUM
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.
CVE-2023-3550 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-06-10 N/A 7.3 HIGH
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.
CVE-2023-31130 3 C-ares Project, Debian, Fedoraproject 3 C-ares, Debian Linux, Fedora 2024-06-10 N/A 6.4 MEDIUM
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
CVE-2023-20569 4 Amd, Debian, Fedoraproject and 1 more 296 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 293 more 2024-06-10 N/A 4.7 MEDIUM
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-7101 3 Debian, Fedoraproject, Jmcnamara 3 Debian Linux, Fedora, Spreadsheet\ 2024-06-10 N/A 7.8 HIGH
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
CVE-2023-7024 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-06-10 N/A 8.8 HIGH
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-4762 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-06-10 N/A 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2021-37147 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-06-10 5.0 MEDIUM 7.5 HIGH
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2024-06-07 6.9 MEDIUM 7.0 HIGH
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVE-2014-8159 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-06-06 6.9 MEDIUM N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2017-17514 2 Debian, Nip2 Project 2 Debian Linux, Nip2 2024-06-04 6.8 MEDIUM 8.8 HIGH
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable
CVE-2021-22543 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2024-05-29 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.