Total
8096 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14443 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | |||||
CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-02 | 7.1 HIGH | 6.5 MEDIUM |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
CVE-2020-13964 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2023-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||||
CVE-2020-13428 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | |||||
CVE-2020-11076 | 3 Debian, Fedoraproject, Puma | 3 Debian Linux, Fedora, Puma | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | |||||
CVE-2022-41218 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |||||
CVE-2022-3623 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 7.5 HIGH |
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. | |||||
CVE-2023-23455 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
CVE-2022-47929 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. | |||||
CVE-2023-23454 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
CVE-2022-45934 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2023-03-02 | N/A | 7.8 HIGH |
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | |||||
CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2023-03-02 | N/A | 5.5 MEDIUM |
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | |||||
CVE-2022-36280 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | |||||
CVE-2023-26314 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2023-03-02 | N/A | 8.8 HIGH |
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | |||||
CVE-2019-14934 | 3 Debian, Fedoraproject, Pdfresurrect Project | 3 Debian Linux, Fedora, Pdfresurrect | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | |||||
CVE-2019-14973 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | |||||
CVE-2022-41974 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-03-02 | N/A | 7.8 HIGH |
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | |||||
CVE-2022-48281 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-03-02 | N/A | 5.5 MEDIUM |
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | |||||
CVE-2023-23969 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2023-03-02 | N/A | 7.5 HIGH |
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | |||||
CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2023-03-02 | N/A | 9.8 CRITICAL |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. |