Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19630 3 Debian, Fedoraproject, Htmldoc Project 3 Debian Linux, Fedora, Htmldoc 2023-02-01 6.8 MEDIUM 7.8 HIGH
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
CVE-2019-19709 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2023-02-01 5.8 MEDIUM 6.1 MEDIUM
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
CVE-2019-18625 4 Debian, Linux, Microsoft and 1 more 4 Debian Linux, Linux Kernel, Windows and 1 more 2023-02-01 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.
CVE-2022-40674 3 Debian, Fedoraproject, Libexpat Project 3 Debian Linux, Fedora, Libexpat 2023-02-01 N/A 8.1 HIGH
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-39377 3 Debian, Fedoraproject, Sysstat Project 3 Debian Linux, Fedora, Sysstat 2023-02-01 N/A 7.8 HIGH
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
CVE-2022-3646 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-01 N/A 4.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
CVE-2022-3621 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-01 N/A 6.5 MEDIUM
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
CVE-2019-19911 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-02-01 5.0 MEDIUM 7.5 HIGH
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVE-2017-7483 2 Debian, Rxvt Project 2 Debian Linux, Rxvt 2023-02-01 5.0 MEDIUM 7.5 HIGH
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.
CVE-2020-5390 3 Canonical, Debian, Pysaml2 Project 3 Ubuntu Linux, Debian Linux, Pysaml2 2023-02-01 5.0 MEDIUM 7.5 HIGH
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.
CVE-2019-13767 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2023-02-01 6.8 MEDIUM 8.8 HIGH
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-44641 2 Debian, Linaro 2 Debian Linux, Lava 2023-02-01 N/A 6.5 MEDIUM
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
CVE-2022-44789 3 Artifex, Debian, Fedoraproject 3 Mujs, Debian Linux, Fedora 2023-02-01 N/A 8.8 HIGH
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVE-2021-4149 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-02-01 2.1 LOW 5.5 MEDIUM
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
CVE-2022-24958 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2023-02-01 4.6 MEDIUM 7.8 HIGH
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2022-45442 2 Debian, Sinatrarb 2 Debian Linux, Sinatra 2023-02-01 N/A 8.8 HIGH
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVE-2022-21712 3 Debian, Fedoraproject, Twistedmatrix 3 Debian Linux, Fedora, Twisted 2023-02-01 5.0 MEDIUM 7.5 HIGH
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
CVE-2021-3907 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2023-02-01 7.5 HIGH 9.8 CRITICAL
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CVE-2022-28390 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2023-02-01 4.6 MEDIUM 7.8 HIGH
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-46391 3 Awstats, Debian, Fedoraproject 3 Awstats, Debian Linux, Fedora 2023-02-01 N/A 6.1 MEDIUM
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.