Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24851 2 Debian, Ldap-account-manager 2 Debian Linux, Ldap Account Manager 2022-10-07 3.5 LOW 4.8 MEDIUM
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1.
CVE-2020-8865 2 Debian, Horde 2 Debian Linux, Groupware 2022-10-07 6.5 MEDIUM 6.3 MEDIUM
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.
CVE-2019-1010315 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-10-07 4.3 MEDIUM 5.5 MEDIUM
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.
CVE-2020-6565 5 Apple, Debian, Fedoraproject and 2 more 6 Iphone Os, Debian Linux, Fedora and 3 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-25235 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 7.5 HIGH 9.8 CRITICAL
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2020-6566 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-11135 9 Canonical, Debian, Fedoraproject and 6 more 304 Ubuntu Linux, Debian Linux, Fedora and 301 more 2022-10-07 2.1 LOW 6.5 MEDIUM
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-11840 2 Debian, Golang 2 Debian Linux, Crypto 2022-10-07 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.
CVE-2022-25313 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2021-3634 6 Debian, Fedoraproject, Libssh and 3 more 7 Debian Linux, Fedora, Libssh and 4 more 2022-10-07 4.0 MEDIUM 6.5 MEDIUM
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
CVE-2022-1271 3 Debian, Gnu, Redhat 3 Debian Linux, Gzip, Jboss Data Grid 2022-10-07 N/A 8.8 HIGH
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
CVE-2022-2122 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2022-10-07 N/A 7.8 HIGH
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
CVE-2022-1920 2 Debian, Gstreamer Project 2 Debian Linux, Gstreamer 2022-10-07 N/A 7.8 HIGH
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
CVE-2020-6425 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2022-10-07 5.8 MEDIUM 5.4 MEDIUM
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
CVE-2019-11498 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
CVE-2019-17563 5 Apache, Canonical, Debian and 2 more 11 Tomcat, Ubuntu Linux, Debian Linux and 8 more 2022-10-07 5.1 MEDIUM 7.5 HIGH
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
CVE-2017-15108 2 Debian, Spice-space 2 Debian Linux, Spice-vdagent 2022-10-07 4.6 MEDIUM 7.8 HIGH
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
CVE-2020-9490 7 Apache, Canonical, Debian and 4 more 25 Http Server, Ubuntu Linux, Debian Linux and 22 more 2022-10-07 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CVE-2020-9274 4 Canonical, Debian, Fedoraproject and 1 more 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
CVE-2021-23133 5 Broadcom, Debian, Fedoraproject and 2 more 24 Brocade Fabric Operating System, Debian Linux, Fedora and 21 more 2022-10-06 6.9 MEDIUM 7.0 HIGH
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.