Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17498 | 5 Debian, Fedoraproject, Libssh2 and 2 more | 11 Debian Linux, Fedora, Libssh2 and 8 more | 2022-10-27 | 5.8 MEDIUM | 8.1 HIGH |
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | |||||
CVE-2021-30560 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Chrome, Libxslt | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-5815 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxslt | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | |||||
CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2022-10-27 | 7.6 HIGH | 7.8 HIGH |
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | |||||
CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2022-10-27 | 6.8 MEDIUM | 7.8 HIGH |
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | |||||
CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2022-10-27 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||||
CVE-2014-0393 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2022-10-27 | 3.3 LOW | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. | |||||
CVE-2021-42260 | 2 Debian, Tinyxml Project | 2 Debian Linux, Tinyxml | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | |||||
CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
CVE-2022-31214 | 3 Debian, Fedoraproject, Firejail Project | 3 Debian Linux, Fedora, Firejail | 2022-10-27 | 7.2 HIGH | 7.8 HIGH |
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. | |||||
CVE-2017-3243 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-10-27 | 3.5 LOW | 4.4 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). | |||||
CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | |||||
CVE-2016-7440 | 4 Debian, Mariadb, Oracle and 1 more | 4 Debian Linux, Mariadb, Mysql and 1 more | 2022-10-27 | 2.1 LOW | 5.5 MEDIUM |
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. | |||||
CVE-2012-3167 | 5 Canonical, Debian, Mariadb and 2 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2022-10-27 | 3.5 LOW | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. | |||||
CVE-2016-5584 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2022-10-27 | 3.5 LOW | 4.4 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
CVE-2022-26373 | 2 Debian, Intel | 983 Debian Linux, Celeron 5305u, Celeron 5305u Firmware and 980 more | 2022-10-27 | N/A | 5.5 MEDIUM |
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |||||
CVE-2022-36946 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, Active Iq Unified Manager and 4 more | 2022-10-27 | N/A | 7.5 HIGH |
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | |||||
CVE-2022-21291 | 3 Debian, Netapp, Oracle | 17 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 14 more | 2022-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2022-21427 | 4 Debian, Mariadb, Netapp and 1 more | 7 Debian Linux, Mariadb, Active Iq Unified Manager and 4 more | 2022-10-27 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2021-46829 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2022-10-27 | N/A | 7.8 HIGH |
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. |