Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7498 5 Canonical, Debian, Hp and 2 more 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more 2023-02-12 5.0 MEDIUM N/A
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-12 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-5307 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2023-02-12 4.9 MEDIUM N/A
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2015-8558 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 4.9 MEDIUM 5.5 MEDIUM
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2015-3258 3 Canonical, Debian, Linuxfoundation 3 Ubuntu Linux, Debian Linux, Cups-filters 2023-02-12 7.5 HIGH N/A
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2023-02-12 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2022-2735 2 Clusterlabs, Debian 2 Pcs, Debian Linux 2023-02-12 N/A 7.8 HIGH
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVE-2018-14624 3 Debian, Fedoraproject, Redhat 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more 2023-02-12 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
CVE-2022-1049 2 Clusterlabs, Debian 2 Pcs, Debian Linux 2023-02-12 6.5 MEDIUM 8.8 HIGH
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
CVE-2021-20221 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2023-02-12 2.1 LOW 6.0 MEDIUM
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2022-26354 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 3.2 LOW
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-1122 3 Debian, Fedoraproject, Uclouvain 3 Debian Linux, Fedora, Openjpeg 2023-02-12 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVE-2021-20257 4 Debian, Fedoraproject, Qemu and 1 more 8 Debian Linux, Fedora, Qemu and 5 more 2023-02-12 2.1 LOW 6.5 MEDIUM
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2022-26353 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 5.0 MEDIUM 7.5 HIGH
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2022-1184 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2023-02-12 N/A 5.5 MEDIUM
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-0730 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2023-02-12 6.8 MEDIUM 9.8 CRITICAL
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2021-20196 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20204 3 Debian, Fedoraproject, Getdata Project 3 Debian Linux, Fedora, Getdata 2023-02-12 7.5 HIGH 9.8 CRITICAL
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
CVE-2022-2663 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-12 N/A 5.3 MEDIUM
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-0718 3 Debian, Openstack, Redhat 4 Debian Linux, Oslo.utils, Openshift Container Platform and 1 more 2023-02-12 N/A 4.9 MEDIUM
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.