Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20916 4 Debian, Opensuse, Oracle and 1 more 5 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more 2022-07-25 5.0 MEDIUM 7.5 HIGH
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
CVE-2020-1765 3 Debian, Opensuse, Otrs 4 Debian Linux, Backports Sle, Leap and 1 more 2022-07-25 5.0 MEDIUM 5.3 MEDIUM
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVE-2022-0545 2 Blender, Debian 2 Blender, Debian Linux 2022-07-25 5.1 MEDIUM 7.8 HIGH
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2020-9951 3 Apple, Debian, Webkit 9 Icloud, Ipados, Iphone Os and 6 more 2022-07-23 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9948 3 Apple, Debian, Webkit 3 Safari, Debian Linux, Webkitgtk\+ 2022-07-23 6.8 MEDIUM 8.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-40391 3 Debian, Fedoraproject, Gerbv Project 3 Debian Linux, Fedora, Gerbv 2022-07-22 7.5 HIGH 9.8 CRITICAL
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-28044 2 Debian, Irzip Project 2 Debian Linux, Irzip 2022-07-22 7.5 HIGH 9.8 CRITICAL
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
CVE-2022-24070 2 Apache, Debian 2 Subversion, Debian Linux 2022-07-21 5.0 MEDIUM 7.5 HIGH
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
CVE-2007-1887 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2022-07-21 7.5 HIGH N/A
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
CVE-2017-10384 5 Debian, Mariadb, Netapp and 2 more 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more 2022-07-21 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-3238 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-07-21 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVE-2017-3244 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-07-21 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVE-2022-0711 3 Debian, Haproxy, Redhat 5 Debian Linux, Haproxy, Enterprise Linux and 2 more 2022-07-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2021-21779 3 Debian, Fedoraproject, Webkitgtk 3 Debian Linux, Fedora, Webkitgtk 2022-07-21 6.8 MEDIUM 8.8 HIGH
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
CVE-2022-35410 2 0xacab, Debian 2 Mat2, Debian Linux 2022-07-20 5.0 MEDIUM 7.5 HIGH
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
CVE-2016-10160 3 Debian, Netapp, Php 3 Debian Linux, Clustered Data Ontap, Php 2022-07-20 7.5 HIGH 9.8 CRITICAL
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-3074 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2016-4544 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Leap and 2 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-2016-5770 3 Debian, Opensuse, Php 4 Debian Linux, Leap, Opensuse and 1 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
CVE-2016-5771 3 Debian, Opensuse, Php 4 Debian Linux, Leap, Opensuse and 1 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.