Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14513 2 Debian, Thekelleys 2 Debian Linux, Dnsmasq 2023-03-03 5.0 MEDIUM 7.5 HIGH
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
CVE-2019-14443 2 Debian, Libav 2 Debian Linux, Libav 2023-03-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
CVE-2019-14442 2 Debian, Libav 2 Debian Linux, Libav 2023-03-02 7.1 HIGH 6.5 MEDIUM
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2020-13964 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2023-03-02 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
CVE-2020-13428 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2023-03-02 6.8 MEDIUM 7.8 HIGH
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CVE-2020-11076 3 Debian, Fedoraproject, Puma 3 Debian Linux, Fedora, Puma 2023-03-02 5.0 MEDIUM 7.5 HIGH
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
CVE-2022-2873 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2023-03-02 N/A 5.5 MEDIUM
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CVE-2022-47929 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 5.5 MEDIUM
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
CVE-2023-23454 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 5.5 MEDIUM
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-41218 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 5.5 MEDIUM
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-36280 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 5.5 MEDIUM
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2022-45934 4 Debian, Fedoraproject, Linux and 1 more 13 Debian Linux, Fedora, Linux Kernel and 10 more 2023-03-02 N/A 7.8 HIGH
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2023-23455 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 5.5 MEDIUM
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-3623 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-02 N/A 7.5 HIGH
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.
CVE-2023-26314 2 Debian, Mono-project 2 Debian Linux, Mono 2023-03-02 N/A 8.8 HIGH
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
CVE-2019-14934 3 Debian, Fedoraproject, Pdfresurrect Project 3 Debian Linux, Fedora, Pdfresurrect 2023-03-02 6.8 MEDIUM 7.8 HIGH
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.
CVE-2019-14973 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2023-03-02 4.3 MEDIUM 6.5 MEDIUM
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
CVE-2022-41974 3 Debian, Fedoraproject, Opensvc 3 Debian Linux, Fedora, Multipath-tools 2023-03-02 N/A 7.8 HIGH
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
CVE-2023-23969 2 Debian, Djangoproject 2 Debian Linux, Django 2023-03-02 N/A 7.5 HIGH
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
CVE-2022-48281 2 Debian, Libtiff 2 Debian Linux, Libtiff 2023-03-02 N/A 5.5 MEDIUM
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.