Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0629 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-02 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
CVE-2022-0714 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-02 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | |||||
CVE-2022-42003 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2022-12-02 | N/A | 7.5 HIGH |
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 | |||||
CVE-2022-42004 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2022-12-02 | N/A | 7.5 HIGH |
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | |||||
CVE-2020-36518 | 4 Debian, Fasterxml, Netapp and 1 more | 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | |||||
CVE-2022-0696 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. | |||||
CVE-2022-0318 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2022-11-29 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based Buffer Overflow in vim/vim prior to 8.2. | |||||
CVE-2022-0392 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2022-11-29 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. | |||||
CVE-2017-13756 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2022-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | |||||
CVE-2022-41404 | 2 Debian, Ini4j Project | 2 Debian Linux, Ini4j | 2022-11-29 | N/A | 7.5 HIGH |
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
CVE-2020-11653 | 4 Debian, Opensuse, Varnish-cache and 1 more | 5 Debian Linux, Backports Sle, Leap and 2 more | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | |||||
CVE-2017-13760 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2022-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | |||||
CVE-2017-13755 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2022-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | |||||
CVE-2018-19497 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2022-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | |||||
CVE-2019-1010065 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2022-11-29 | 4.3 MEDIUM | 6.5 MEDIUM |
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. | |||||
CVE-2018-1108 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-11-29 | 4.3 MEDIUM | 5.9 MEDIUM |
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. | |||||
CVE-2022-42318 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-11-29 | N/A | 6.5 MEDIUM |
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction | |||||
CVE-2022-42319 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-11-29 | N/A | 6.5 MEDIUM |
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. | |||||
CVE-2022-42320 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-11-29 | N/A | 7.0 HIGH |
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. | |||||
CVE-2022-42326 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-11-29 | N/A | 5.5 MEDIUM |
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. |