Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13112 4 Canonical, Debian, Libexif Project and 1 more 4 Ubuntu Linux, Debian Linux, Libexif and 1 more 2023-01-27 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
CVE-2020-12823 4 Debian, Fedoraproject, Infradead and 1 more 4 Debian Linux, Fedora, Openconnect and 1 more 2023-01-27 7.5 HIGH 9.8 CRITICAL
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
CVE-2020-12767 4 Canonical, Debian, Libexif Project and 1 more 4 Ubuntu Linux, Debian Linux, Libexif and 1 more 2023-01-27 2.1 LOW 5.5 MEDIUM
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
CVE-2020-1983 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-01-27 2.1 LOW 6.5 MEDIUM
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2019-17023 3 Canonical, Debian, Mozilla 3 Ubuntu Linux, Debian Linux, Firefox 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
CVE-2019-20917 2 Debian, Inspircd 2 Debian Linux, Inspircd 2023-01-27 6.8 MEDIUM 6.5 MEDIUM
An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
CVE-2020-7040 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2023-01-27 9.3 HIGH 8.1 HIGH
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
CVE-2020-1766 2 Debian, Otrs 2 Debian Linux, Otrs 2023-01-27 4.3 MEDIUM 6.1 MEDIUM
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVE-2022-45693 2 Debian, Jettison Project 2 Debian Linux, Jettison 2023-01-26 N/A 7.5 HIGH
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2012-3173 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-01-24 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
CVE-2020-17353 4 Debian, Fedoraproject, Lilypond and 1 more 5 Debian Linux, Fedora, Lilypond and 2 more 2023-01-23 7.5 HIGH 9.8 CRITICAL
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
CVE-2020-14350 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 4.4 MEDIUM 7.3 HIGH
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2020-24370 3 Debian, Fedoraproject, Lua 3 Debian Linux, Fedora, Lua 2023-01-23 5.0 MEDIUM 5.3 MEDIUM
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
CVE-2019-18860 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 4.3 MEDIUM 6.1 MEDIUM
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2019-20382 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 2.7 LOW 3.5 LOW
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2020-25269 2 Debian, Inspircd 2 Debian Linux, Inspircd 2023-01-23 6.8 MEDIUM 6.5 MEDIUM
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
CVE-2020-5313 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-23 5.8 MEDIUM 7.1 HIGH
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2020-15953 4 Debian, Fedoraproject, Libetpan Project and 1 more 4 Debian Linux, Fedora, Libetpan and 1 more 2023-01-20 5.8 MEDIUM 7.4 HIGH
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
CVE-2019-20208 2 Debian, Gpac 2 Debian Linux, Gpac 2023-01-20 4.3 MEDIUM 5.5 MEDIUM
dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
CVE-2019-20096 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-20 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.