Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29824 5 Debian, Fedoraproject, Netapp and 2 more 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more 2023-01-11 4.3 MEDIUM 6.5 MEDIUM
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2021-3612 6 Debian, Fedoraproject, Linux and 3 more 26 Debian Linux, Fedora, Linux Kernel and 23 more 2023-01-11 7.2 HIGH 7.8 HIGH
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-36424 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 1.9 LOW 4.7 MEDIUM
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
CVE-2020-36426 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
CVE-2020-36423 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
CVE-2020-36425 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 4.3 MEDIUM 5.3 MEDIUM
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
CVE-2020-36422 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
CVE-2020-36476 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
CVE-2020-36478 3 Arm, Debian, Siemens 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more 2023-01-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
CVE-2020-36421 2 Arm, Debian 2 Mbed Tls, Debian Linux 2023-01-11 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
CVE-2020-36475 3 Arm, Debian, Siemens 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more 2023-01-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
CVE-2021-3778 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more 2023-01-11 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 4 Debian, Fedoraproject, Netapp and 1 more 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more 2023-01-11 6.8 MEDIUM 7.3 HIGH
vim is vulnerable to Use After Free
CVE-2021-41073 4 Debian, Fedoraproject, Linux and 1 more 21 Debian Linux, Fedora, Linux Kernel and 18 more 2023-01-11 7.2 HIGH 7.8 HIGH
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2022-3643 3 Broadcom, Debian, Linux 3 Bcm5780, Debian Linux, Linux Kernel 2023-01-10 N/A 10.0 CRITICAL
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.
CVE-2022-42328 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-10 N/A 5.5 MEDIUM
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
CVE-2022-42329 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-01-10 N/A 5.5 MEDIUM
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
CVE-2021-37533 2 Apache, Debian 2 Commons Net, Debian Linux 2023-01-10 N/A 6.5 MEDIUM
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CVE-2020-28617 2 Cgal, Debian 2 Computational Geometry Algorithms Library, Debian Linux 2023-01-09 6.8 MEDIUM 8.8 HIGH
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().
CVE-2020-28616 2 Cgal, Debian 2 Computational Geometry Algorithms Library, Debian Linux 2023-01-09 6.8 MEDIUM 8.8 HIGH
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().