Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32083 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-25 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-2048 4 Debian, Eclipse, Jenkins and 1 more 8 Debian Linux, Jetty, Jenkins and 5 more 2022-10-25 5.0 MEDIUM 7.5 HIGH
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
CVE-2022-2047 3 Debian, Eclipse, Netapp 7 Debian Linux, Jetty, Element Plug-in For Vcenter Server and 4 more 2022-10-25 4.0 MEDIUM 2.7 LOW
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
CVE-2021-41079 3 Apache, Debian, Netapp 3 Tomcat, Debian Linux, Management Services For Element Software And Netapp Hci 2022-10-25 4.3 MEDIUM 7.5 HIGH
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
CVE-2021-25122 3 Apache, Debian, Oracle 12 Tomcat, Debian Linux, Agile Plm and 9 more 2022-10-25 5.0 MEDIUM 7.5 HIGH
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
CVE-2020-25656 4 Debian, Linux, Redhat and 1 more 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2022-10-25 1.9 LOW 4.1 MEDIUM
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-14314 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2022-10-25 2.1 LOW 5.5 MEDIUM
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
CVE-2021-37750 5 Debian, Fedoraproject, Mit and 2 more 5 Debian Linux, Fedora, Kerberos 5 and 2 more 2022-10-25 4.0 MEDIUM 6.5 MEDIUM
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
CVE-2020-25643 6 Debian, Linux, Netapp and 3 more 7 Debian Linux, Linux Kernel, H410c and 4 more 2022-10-25 7.5 HIGH 7.2 HIGH
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2018-3837 3 Debian, Libsdl, Starwindsoftware 3 Debian Linux, Sdl Image, Starwind Virtual San 2022-10-25 4.3 MEDIUM 5.5 MEDIUM
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2018-3839 3 Debian, Libsdl, Starwindsoftware 3 Debian Linux, Sdl Image, Starwind Virtual San 2022-10-25 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2018-16738 3 Debian, Starwindsoftware, Tinc-vpn 3 Debian Linux, Starwind Virtual San, Tinc 2022-10-25 4.3 MEDIUM 3.7 LOW
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
CVE-2018-16758 3 Debian, Starwindsoftware, Tinc-vpn 3 Debian Linux, Starwind Virtual San, Tinc 2022-10-25 4.3 MEDIUM 5.9 MEDIUM
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
CVE-2018-18584 7 Cabextract Project, Canonical, Debian and 4 more 7 Cabextract, Ubuntu Linux, Debian Linux and 4 more 2022-10-25 4.3 MEDIUM 6.5 MEDIUM
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2018-18585 6 Canonical, Debian, Kyzer and 3 more 8 Ubuntu Linux, Debian Linux, Libmspack and 5 more 2022-10-25 4.3 MEDIUM 4.3 MEDIUM
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
CVE-2021-22116 2 Debian, Vmware 2 Debian Linux, Rabbitmq 2022-10-25 4.3 MEDIUM 7.5 HIGH
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
CVE-2020-25704 3 Debian, Linux, Starwindsoftware 6 Debian Linux, Linux Kernel, Command Center and 3 more 2022-10-25 4.9 MEDIUM 5.5 MEDIUM
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
CVE-2020-0427 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Android, Leap and 1 more 2022-10-25 2.1 LOW 5.5 MEDIUM
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
CVE-2021-38161 2 Apache, Debian 2 Traffic Server, Debian Linux 2022-10-25 6.8 MEDIUM 8.1 HIGH
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
CVE-2021-21285 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2022-10-25 4.3 MEDIUM 6.5 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.