Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7895 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-19 10.0 HIGH 9.8 CRITICAL
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
CVE-2019-15926 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 9.4 HIGH 9.1 CRITICAL
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
CVE-2015-3331 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 9.3 HIGH N/A
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
CVE-2019-19816 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2023-01-19 9.3 HIGH 7.8 HIGH
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
CVE-2019-17666 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 8.3 HIGH 8.8 HIGH
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2021-28660 4 Debian, Fedoraproject, Linux and 1 more 20 Debian Linux, Fedora, Linux Kernel and 17 more 2023-01-19 8.3 HIGH 8.8 HIGH
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
CVE-2018-9363 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2023-01-19 7.2 HIGH 8.4 HIGH
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
CVE-2012-2135 3 Canonical, Debian, Python 3 Ubuntu Linux, Debian Linux, Python 2023-01-19 6.4 MEDIUM N/A
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
CVE-2020-29569 4 Debian, Linux, Netapp and 1 more 7 Debian Linux, Linux Kernel, Hci Compute Node and 4 more 2023-01-19 7.2 HIGH 8.8 HIGH
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
CVE-2017-1000251 4 Debian, Linux, Nvidia and 1 more 10 Debian Linux, Linux Kernel, Jetson Tk1 and 7 more 2023-01-19 7.7 HIGH 8.0 HIGH
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
CVE-2017-14497 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
CVE-2017-16995 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
CVE-2017-15868 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
CVE-2019-16935 3 Canonical, Debian, Python 3 Ubuntu Linux, Debian Linux, Python 2023-01-19 4.3 MEDIUM 6.1 MEDIUM
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
CVE-2017-15115 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2023-01-19 7.2 HIGH 7.8 HIGH
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
CVE-2017-16939 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVE-2017-16526 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-17805 6 Canonical, Debian, Linux and 3 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2023-01-19 7.2 HIGH 7.8 HIGH
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
CVE-2017-16996 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
CVE-2017-17852 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-19 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.