Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18976 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2022-06-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
CVE-2019-18610 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2022-06-03 9.0 HIGH 8.8 HIGH
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
CVE-2021-20190 5 Apache, Debian, Fasterxml and 2 more 8 Nifi, Debian Linux, Jackson-databind and 5 more 2022-06-03 8.3 HIGH 8.1 HIGH
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-39371 2 Debian, Osgeo 3 Debian Linux, Owslib, Pywps 2022-06-02 5.0 MEDIUM 7.5 HIGH
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.
CVE-2016-9427 3 Bdwgc Project, Debian, Opensuse 4 Bdwgc, Debian Linux, Leap and 1 more 2022-06-01 7.5 HIGH 9.8 CRITICAL
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
CVE-2019-13161 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2022-06-01 3.5 LOW 5.3 MEDIUM
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
CVE-2021-44733 5 Debian, Fedoraproject, Linux and 2 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2022-06-01 4.4 MEDIUM 7.0 HIGH
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-21837 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21850 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21861 2 Debian, Gpac 2 Debian Linux, Gpac 2022-05-31 6.8 MEDIUM 8.8 HIGH
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-30159 3 Debian, Fedoraproject, Mediawiki 3 Debian Linux, Fedora, Mediawiki 2022-05-27 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master.
CVE-2021-22191 3 Debian, Oracle, Wireshark 3 Debian Linux, Zfs Storage Appliance, Wireshark 2022-05-27 6.8 MEDIUM 8.8 HIGH
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
CVE-2021-23978 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23961 2 Debian, Mozilla 2 Debian Linux, Firefox 2022-05-27 4.3 MEDIUM 7.4 HIGH
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
CVE-2021-23969 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 4.3 MEDIUM 4.3 MEDIUM
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23973 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 4.3 MEDIUM 6.5 MEDIUM
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23968 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2022-05-27 4.3 MEDIUM 4.3 MEDIUM
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-27379 2 Debian, Xen 2 Debian Linux, Xen 2022-05-27 5.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.
CVE-2021-26933 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-05-27 2.1 LOW 5.5 MEDIUM
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
CVE-2021-29264 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-05-27 4.7 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.