Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17672 2 Debian, Wordpress 2 Debian Linux, Wordpress 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
CVE-2019-17675 2 Debian, Wordpress 2 Debian Linux, Wordpress 2023-02-03 6.8 MEDIUM 8.8 HIGH
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
CVE-2019-17669 2 Debian, Wordpress 2 Debian Linux, Wordpress 2023-02-03 7.5 HIGH 9.8 CRITICAL
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
CVE-2021-44731 3 Canonical, Debian, Fedoraproject 4 Snapd, Ubuntu Linux, Debian Linux and 1 more 2023-02-03 6.9 MEDIUM 7.8 HIGH
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2020-15503 3 Debian, Fedoraproject, Libraw 3 Debian Linux, Fedora, Libraw 2023-02-03 5.0 MEDIUM 7.5 HIGH
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
CVE-2021-21330 3 Aiohttp Project, Debian, Fedoraproject 3 Aiohttp, Debian Linux, Fedora 2023-02-03 5.8 MEDIUM 6.1 MEDIUM
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.
CVE-2019-13744 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-02-03 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13746 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-02-03 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13748 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-02-03 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2021-3598 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 2.1 LOW 5.5 MEDIUM
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2021-3605 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2019-17342 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.4 MEDIUM 7.0 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
CVE-2019-17341 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
CVE-2019-17350 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
CVE-2019-17348 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
CVE-2019-17347 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
CVE-2019-17346 2 Debian, Xen 2 Debian Linux, Xen 2023-02-03 7.2 HIGH 8.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
CVE-2021-34055 2 Debian, Jhead Project 2 Debian Linux, Jhead 2023-02-03 N/A 7.8 HIGH
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
CVE-2021-23518 2 Cached-path-relative Project, Debian 2 Cached-path-relative, Debian Linux 2023-02-03 7.5 HIGH 9.8 CRITICAL
The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
CVE-2022-0235 3 Debian, Node-fetch Project, Siemens 3 Debian Linux, Node-fetch, Sinec Ins 2023-02-03 5.8 MEDIUM 6.1 MEDIUM
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor