Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25695 2 Debian, Postgresql 2 Debian Linux, Postgresql 2022-10-19 6.5 MEDIUM 8.8 HIGH
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-25694 2 Debian, Postgresql 2 Debian Linux, Postgresql 2022-10-19 6.8 MEDIUM 8.1 HIGH
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-20933 2 Debian, Influxdata 2 Debian Linux, Influxdb 2022-10-19 7.5 HIGH 9.8 CRITICAL
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
CVE-2020-28941 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2022-10-19 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
CVE-2020-26237 3 Debian, Highlightjs, Oracle 3 Debian Linux, Highlight.js, Mysql Enterprise Monitor 2022-10-19 4.9 MEDIUM 8.7 HIGH
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.
CVE-2022-0494 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-10-19 4.9 MEDIUM 4.4 MEDIUM
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
CVE-2022-26691 4 Apple, Debian, Fedoraproject and 1 more 6 Cups, Mac Os X, Macos and 3 more 2022-10-19 7.2 HIGH 6.7 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
CVE-2021-36160 6 Apache, Broadcom, Debian and 3 more 13 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 10 more 2022-10-18 5.0 MEDIUM 7.5 HIGH
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-3578 3 Debian, Fedoraproject, Isync Project 3 Debian Linux, Fedora, Isync 2022-10-18 7.2 HIGH 7.8 HIGH
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVE-2021-39713 2 Debian, Google 2 Debian Linux, Android 2022-10-18 6.9 MEDIUM 7.0 HIGH
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
CVE-2021-39922 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39929 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39925 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39924 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39928 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39921 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39926 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2022-10-16 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2020-6493 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2022-10-14 6.8 MEDIUM 9.6 CRITICAL
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6498 3 Apple, Debian, Google 3 Iphone Os, Debian Linux, Chrome 2022-10-14 4.3 MEDIUM 6.5 MEDIUM
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2020-6495 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2022-10-14 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.