Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24654 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-11 4.3 MEDIUM 3.3 LOW
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-09-09 5.0 MEDIUM 7.5 HIGH
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-41819 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-09-09 5.0 MEDIUM 7.5 HIGH
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-45958 3 Debian, Fedoraproject, Ultrajson Project 3 Debian Linux, Fedora, Ultrajson 2022-09-09 4.3 MEDIUM 5.5 MEDIUM
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
CVE-2020-15472 2 Debian, Ntop 2 Debian Linux, Ndpi 2022-09-09 6.4 MEDIUM 9.1 CRITICAL
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15476 3 Debian, Linux, Ntop 3 Debian Linux, Linux Kernel, Ndpi 2022-09-09 5.0 MEDIUM 7.5 HIGH
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
CVE-2022-21151 3 Debian, Intel, Netapp 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more 2022-09-09 2.1 LOW 5.5 MEDIUM
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-34903 4 Debian, Fedoraproject, Gnupg and 1 more 5 Debian Linux, Fedora, Gnupg and 2 more 2022-09-09 5.8 MEDIUM 6.5 MEDIUM
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32250 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2022-09-09 7.2 HIGH 7.8 HIGH
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVE-2021-22570 5 Debian, Fedoraproject, Google and 2 more 8 Debian Linux, Fedora, Protobuf and 5 more 2022-09-09 2.1 LOW 5.5 MEDIUM
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
CVE-2020-8617 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-09 4.3 MEDIUM 5.9 MEDIUM
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
CVE-2022-0547 3 Debian, Fedoraproject, Openvpn 3 Debian Linux, Fedora, Openvpn 2022-09-09 7.5 HIGH 9.8 CRITICAL
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
CVE-2022-29501 3 Debian, Fedoraproject, Schedmd 3 Debian Linux, Fedora, Slurm 2022-09-09 9.0 HIGH 8.8 HIGH
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
CVE-2022-29500 3 Debian, Fedoraproject, Schedmd 3 Debian Linux, Fedora, Slurm 2022-09-09 9.0 HIGH 8.8 HIGH
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
CVE-2020-35490 4 Debian, Fasterxml, Netapp and 1 more 25 Debian Linux, Jackson-databind, Service Level Manager and 22 more 2022-09-08 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-35491 4 Debian, Fasterxml, Netapp and 1 more 26 Debian Linux, Jackson-databind, Service Level Manager and 23 more 2022-09-08 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36189 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Cloud Backup and 37 more 2022-09-08 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2015-2582 5 Canonical, Debian, Mariadb and 2 more 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2015-2573 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVE-2015-2571 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2022-09-08 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.