Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32762 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Management Services For Element Software and 3 more | 2022-10-06 | 9.0 HIGH | 8.8 HIGH |
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. | |||||
CVE-2021-32675 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Management Services For Element Software and 3 more | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates. | |||||
CVE-2021-32672 | 6 Debian, Fedoraproject, Netapp and 3 more | 8 Debian Linux, Fedora, Management Services For Element Software and 5 more | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. | |||||
CVE-2018-16881 | 3 Debian, Redhat, Rsyslog | 13 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. | |||||
CVE-2022-29155 | 3 Debian, Netapp, Openldap | 14 Debian Linux, H300s, H300s Firmware and 11 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | |||||
CVE-2022-25857 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2022-10-06 | N/A | 7.5 HIGH |
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. | |||||
CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2022-10-06 | N/A | 4.4 MEDIUM |
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | |||||
CVE-2022-22822 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2017-3313 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2022-10-06 | 1.5 LOW | 4.7 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). | |||||
CVE-2022-22824 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-22823 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-22825 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2018-11496 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-10-06 | 4.3 MEDIUM | 6.5 MEDIUM |
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | |||||
CVE-2018-5747 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
CVE-2022-38749 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2022-10-06 | N/A | 6.5 MEDIUM |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
CVE-2022-22827 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-38750 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2022-10-06 | N/A | 5.5 MEDIUM |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
CVE-2022-38751 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2022-10-06 | N/A | 6.5 MEDIUM |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
CVE-2022-22826 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-21496 | 3 Debian, Netapp, Oracle | 16 Debian Linux, Active Iq Unified Manager, Bootstrap Os and 13 more | 2022-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |