Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-29394 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2023-02-03 6.8 MEDIUM 7.8 HIGH
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
CVE-2019-18390 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Leap, Enterprise Linux and 1 more 2023-02-03 3.6 LOW 7.1 HIGH
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2017-12081 2 Blender, Debian 2 Blender, Debian Linux 2023-02-03 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVE-2020-5267 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2023-02-03 3.5 LOW 4.8 MEDIUM
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
CVE-2021-3975 5 Canonical, Debian, Fedoraproject and 2 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2023-02-03 N/A 6.5 MEDIUM
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2019-20485 3 Debian, Fedoraproject, Redhat 3 Debian Linux, Fedora, Libvirt 2023-02-03 2.7 LOW 5.7 MEDIUM
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2020-14347 3 Canonical, Debian, X.org 3 Ubuntu Linux, Debian Linux, Xorg-server 2023-02-03 2.1 LOW 5.5 MEDIUM
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVE-2021-28153 4 Broadcom, Debian, Fedoraproject and 1 more 4 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 1 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVE-2020-15803 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports and 2 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
CVE-2018-14622 4 Canonical, Debian, Libtirpc Project and 1 more 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more 2023-02-03 5.0 MEDIUM 7.5 HIGH
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
CVE-2022-42721 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-02-03 N/A 5.5 MEDIUM
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
CVE-2022-42722 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-02-03 N/A 5.5 MEDIUM
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
CVE-2020-16845 4 Debian, Fedoraproject, Golang and 1 more 4 Debian Linux, Fedora, Go and 1 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-10730 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Leap and 2 more 2023-02-02 4.0 MEDIUM 6.5 MEDIUM
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVE-2020-12674 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
CVE-2020-12673 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 55 Debian Linux, Drupal, Fedora and 52 more 2023-02-02 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2017-12100 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVE-2017-12102 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-12101 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.