Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10685 2 Debian, Redhat 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more 2022-11-28 1.9 LOW 5.5 MEDIUM
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
CVE-2020-10704 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-11-28 5.0 MEDIUM 7.5 HIGH
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
CVE-2020-13362 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-11-28 2.1 LOW 3.2 LOW
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-13361 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-11-28 3.3 LOW 3.9 LOW
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2022-1785 2 Debian, Vim 2 Debian Linux, Vim 2022-11-28 4.6 MEDIUM 7.8 HIGH
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
CVE-2018-10753 3 Debian, Fedoraproject, Moinejf 3 Debian Linux, Fedora, Abcm2ps 2022-11-28 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-10771 3 Debian, Fedoraproject, Moinejf 3 Debian Linux, Fedora, Abcm2ps 2022-11-28 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2019-1010069 2 Debian, Moinejf 2 Debian Linux, Abcm2ps 2022-11-28 4.3 MEDIUM 5.5 MEDIUM
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.
CVE-2022-42321 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-11-28 N/A 6.5 MEDIUM
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.
CVE-2022-42325 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-11-28 N/A 5.5 MEDIUM
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.
CVE-2022-42323 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-11-28 N/A 5.5 MEDIUM
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.
CVE-2022-42322 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-11-28 N/A 5.5 MEDIUM
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.
CVE-2022-2928 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Dhcp 2022-11-28 N/A 6.5 MEDIUM
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CVE-2022-25647 4 Debian, Google, Netapp and 1 more 6 Debian Linux, Gson, Active Iq Unified Manager and 3 more 2022-11-28 5.0 MEDIUM 7.5 HIGH
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CVE-2021-3563 3 Debian, Openstack, Redhat 3 Debian Linux, Keystone, Openstack Platform 2022-11-28 N/A 7.4 HIGH
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2019-20041 2 Debian, Wordpress 2 Debian Linux, Wordpress 2022-11-23 7.5 HIGH 9.8 CRITICAL
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
CVE-2019-16780 2 Debian, Wordpress 2 Debian Linux, Wordpress 2022-11-23 3.5 LOW 5.4 MEDIUM
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.
CVE-2020-1968 5 Canonical, Debian, Fujitsu and 2 more 25 Ubuntu Linux, Debian Linux, M10-1 and 22 more 2022-11-21 4.3 MEDIUM 3.7 LOW
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
CVE-2022-39190 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-11-21 N/A 5.5 MEDIUM
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
CVE-2022-39188 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-11-21 N/A 4.7 MEDIUM
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.