Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27666 | 5 Debian, Fedoraproject, Linux and 2 more | 21 Debian Linux, Fedora, Linux Kernel and 18 more | 2023-02-01 | 4.6 MEDIUM | 7.8 HIGH |
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | |||||
CVE-2022-1270 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-02-01 | N/A | 7.8 HIGH |
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | |||||
CVE-2020-28636 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-35628 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-28601 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-35635 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-35634 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-35633 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-35636 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2020-26935 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. | |||||
CVE-2020-13943 | 3 Apache, Debian, Oracle | 4 Tomcat, Debian Linux, Instantis Enterprisetrack and 1 more | 2023-01-31 | 4.0 MEDIUM | 4.3 MEDIUM |
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. | |||||
CVE-2020-26154 | 4 Debian, Fedoraproject, Libproxy Project and 1 more | 4 Debian Linux, Fedora, Libproxy and 1 more | 2023-01-31 | 6.8 MEDIUM | 9.8 CRITICAL |
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | |||||
CVE-2020-26137 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2023-01-31 | 6.4 MEDIUM | 6.5 MEDIUM |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | |||||
CVE-2020-6574 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2023-01-31 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. | |||||
CVE-2020-25739 | 3 Canonical, Debian, Gon Project | 3 Ubuntu Linux, Debian Linux, Gon | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. | |||||
CVE-2019-17361 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-01-31 | 6.8 MEDIUM | 9.8 CRITICAL |
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | |||||
CVE-2020-7105 | 3 Debian, Fedoraproject, Redislabs | 3 Debian Linux, Fedora, Hiredis | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. | |||||
CVE-2022-38266 | 3 Debian, Leptonica, Tesseract Project | 3 Debian Linux, Leptonica, Tesseract | 2023-01-31 | N/A | 6.5 MEDIUM |
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | |||||
CVE-2020-1767 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2023-01-31 | 3.5 LOW | 4.3 MEDIUM |
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | |||||
CVE-2019-20387 | 2 Debian, Opensuse | 2 Debian Linux, Libsolv | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. |