Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21476 3 Debian, Netapp, Oracle 16 Debian Linux, Active Iq Unified Manager, Bootstrap Os and 13 more 2022-10-05 5.0 MEDIUM 7.5 HIGH
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2021-45046 6 Apache, Debian, Fedoraproject and 3 more 61 Log4j, Debian Linux, Fedora and 58 more 2022-10-05 5.1 MEDIUM 9.0 CRITICAL
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
CVE-2022-21443 3 Debian, Netapp, Oracle 16 Debian Linux, Active Iq Unified Manager, Bootstrap Os and 13 more 2022-10-05 4.3 MEDIUM 3.7 LOW
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2021-44533 3 Debian, Nodejs, Oracle 9 Debian Linux, Node.js, Graalvm and 6 more 2022-10-05 5.0 MEDIUM 5.3 MEDIUM
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
CVE-2022-25315 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 7.5 HIGH 9.8 CRITICAL
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25314 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2020-29260 2 Debian, Libvncserver Project 2 Debian Linux, Libvncserver 2022-10-05 N/A 7.5 HIGH
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVE-2019-15606 5 Debian, Nodejs, Opensuse and 2 more 7 Debian Linux, Node.js, Leap and 4 more 2022-10-05 7.5 HIGH 9.8 CRITICAL
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
CVE-2020-0549 5 Canonical, Debian, Fedoraproject and 2 more 858 Ubuntu Linux, Debian Linux, Fedora and 855 more 2022-10-05 2.1 LOW 5.5 MEDIUM
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-6457 2 Debian, Google 2 Debian Linux, Chrome 2022-10-05 6.8 MEDIUM 9.6 CRITICAL
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6460 2 Debian, Google 2 Debian Linux, Chrome 2022-10-05 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2020-6461 2 Debian, Google 2 Debian Linux, Chrome 2022-10-05 6.8 MEDIUM 9.6 CRITICAL
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6458 2 Debian, Google 2 Debian Linux, Chrome 2022-10-05 6.8 MEDIUM 8.8 HIGH
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2019-12973 4 Debian, Opensuse, Oracle and 1 more 5 Debian Linux, Leap, Database Server and 2 more 2022-10-05 4.3 MEDIUM 5.5 MEDIUM
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
CVE-2020-6466 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-10-05 6.8 MEDIUM 9.6 CRITICAL
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6465 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-10-05 6.8 MEDIUM 9.6 CRITICAL
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6462 2 Debian, Google 2 Debian Linux, Chrome 2022-10-05 6.8 MEDIUM 9.6 CRITICAL
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-29536 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Epiphany 2022-10-05 5.0 MEDIUM 7.5 HIGH
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
CVE-2022-27239 5 Debian, Fedoraproject, Hp and 2 more 19 Debian Linux, Fedora, Helion Openstack and 16 more 2022-10-05 7.2 HIGH 7.8 HIGH
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2020-6485 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2022-10-05 4.3 MEDIUM 6.5 MEDIUM
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.