Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25602 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-09-29 4.6 MEDIUM 6.0 MEDIUM
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.
CVE-2020-25604 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-09-29 1.9 LOW 4.7 MEDIUM
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
CVE-2020-26139 5 Arista, Cisco, Debian and 2 more 330 C-100, C-100 Firmware, C-110 and 327 more 2022-09-29 2.9 LOW 5.3 MEDIUM
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVE-2021-45444 4 Apple, Debian, Fedoraproject and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2022-09-29 5.1 MEDIUM 7.8 HIGH
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2021-21703 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Clustered Data Ontap and 2 more 2022-09-29 6.9 MEDIUM 7.0 HIGH
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2021-41099 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 2 more 2022-09-29 6.0 MEDIUM 7.5 HIGH
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVE-2022-23852 5 Debian, Libexpat Project, Netapp and 2 more 6 Debian Linux, Libexpat, Clustered Data Ontap and 3 more 2022-09-29 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2021-0129 4 Bluez, Debian, Linux and 1 more 4 Bluez, Debian Linux, Linux Kernel and 1 more 2022-09-29 2.7 LOW 5.7 MEDIUM
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2017-3317 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-09-29 1.5 LOW 4.0 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
CVE-2017-10268 5 Debian, Mariadb, Netapp and 2 more 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more 2022-09-29 1.5 LOW 4.1 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2015-4836 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-29 2.8 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVE-2017-3318 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-09-29 1.0 LOW 4.0 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
CVE-2013-5908 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2022-09-29 2.6 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
CVE-2020-35530 2 Debian, Libraw 2 Debian Linux, Libraw 2022-09-29 N/A 5.5 MEDIUM
In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.
CVE-2022-27445 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-09-29 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27452 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-09-29 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2020-35531 2 Debian, Libraw 2 Debian Linux, Libraw 2022-09-29 N/A 5.5 MEDIUM
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.
CVE-2020-35532 2 Debian, Libraw 2 Debian Linux, Libraw 2022-09-29 N/A 5.5 MEDIUM
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.
CVE-2022-27376 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-09-29 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
CVE-2022-27383 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-09-29 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.