Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5307 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2023-02-12 4.9 MEDIUM N/A
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-12 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-8558 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2018-14624 3 Debian, Fedoraproject, Redhat 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more 2023-02-12 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
CVE-2021-20204 3 Debian, Fedoraproject, Getdata Project 3 Debian Linux, Fedora, Getdata 2023-02-12 7.5 HIGH 9.8 CRITICAL
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
CVE-2022-0730 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2023-02-12 6.8 MEDIUM 9.8 CRITICAL
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2022-1122 3 Debian, Fedoraproject, Uclouvain 3 Debian Linux, Fedora, Openjpeg 2023-02-12 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVE-2021-20196 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20221 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2023-02-12 2.1 LOW 6.0 MEDIUM
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2022-1184 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2023-02-12 N/A 5.5 MEDIUM
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-2663 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-12 N/A 5.3 MEDIUM
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-2735 2 Clusterlabs, Debian 2 Pcs, Debian Linux 2023-02-12 N/A 7.8 HIGH
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVE-2022-1049 2 Clusterlabs, Debian 2 Pcs, Debian Linux 2023-02-12 6.5 MEDIUM 8.8 HIGH
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
CVE-2022-0718 3 Debian, Openstack, Redhat 4 Debian Linux, Oslo.utils, Openshift Container Platform and 1 more 2023-02-12 N/A 4.9 MEDIUM
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
CVE-2022-26354 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 3.2 LOW
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2021-20257 4 Debian, Fedoraproject, Qemu and 1 more 8 Debian Linux, Fedora, Qemu and 5 more 2023-02-12 2.1 LOW 6.5 MEDIUM
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2022-26353 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 5.0 MEDIUM 7.5 HIGH
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2019-9959 4 Debian, Fedoraproject, Freedesktop and 1 more 7 Debian Linux, Fedora, Poppler and 4 more 2023-02-11 4.3 MEDIUM 6.5 MEDIUM
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVE-2018-20650 4 Canonical, Debian, Freedesktop and 1 more 10 Ubuntu Linux, Debian Linux, Poppler and 7 more 2023-02-11 4.3 MEDIUM 6.5 MEDIUM
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2019-9903 5 Canonical, Debian, Fedoraproject and 2 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2023-02-11 4.3 MEDIUM 6.5 MEDIUM
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.