Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6493 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2022-10-14 6.8 MEDIUM 9.6 CRITICAL
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-6498 3 Apple, Debian, Google 3 Iphone Os, Debian Linux, Chrome 2022-10-14 4.3 MEDIUM 6.5 MEDIUM
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2020-6495 3 Debian, Google, Opensuse 4 Debian Linux, Chrome, Backports and 1 more 2022-10-14 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-6497 3 Apple, Debian, Google 3 Iphone Os, Debian Linux, Chrome 2022-10-14 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI.
CVE-2020-36322 3 Debian, Linux, Starwindsoftware 3 Debian Linux, Linux Kernel, Starwind Virtual San 2022-10-14 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
CVE-2019-5477 3 Canonical, Debian, Nokogiri 3 Ubuntu Linux, Debian Linux, Nokogiri 2022-10-14 7.5 HIGH 9.8 CRITICAL
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
CVE-2019-20163 2 Debian, Gpac 2 Debian Linux, Gpac 2022-10-14 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c.
CVE-2019-20162 2 Debian, Gpac 2 Debian Linux, Gpac 2022-10-14 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c.
CVE-2019-20161 2 Debian, Gpac 2 Debian Linux, Gpac 2022-10-14 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.
CVE-2019-20165 2 Debian, Gpac 2 Debian Linux, Gpac 2022-10-14 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c.
CVE-2019-20170 2 Debian, Gpac 2 Debian Linux, Gpac 2022-10-14 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c.
CVE-2020-2778 5 Canonical, Debian, Netapp and 2 more 20 Ubuntu Linux, Debian Linux, 7-mode Transition Tool and 17 more 2022-10-14 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2022-0854 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-10-14 2.1 LOW 5.5 MEDIUM
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
CVE-2022-1328 3 Debian, Fedoraproject, Mutt 3 Debian Linux, Fedora, Mutt 2022-10-14 5.0 MEDIUM 5.3 MEDIUM
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
CVE-2022-26874 2 Debian, Horde 2 Debian Linux, Horde Mime Viewer 2022-10-14 3.5 LOW 5.4 MEDIUM
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
CVE-2022-1734 3 Debian, Linux, Netapp 18 Debian Linux, Linux Kernel, H300e and 15 more 2022-10-14 4.4 MEDIUM 7.0 HIGH
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2020-29129 3 Debian, Fedoraproject, Libslirp Project 3 Debian Linux, Fedora, Libslirp 2022-10-14 4.0 MEDIUM 4.3 MEDIUM
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2021-26119 2 Debian, Smarty 2 Debian Linux, Smarty 2022-10-14 5.0 MEDIUM 7.5 HIGH
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
CVE-2021-26120 2 Debian, Smarty 2 Debian Linux, Smarty 2022-10-14 7.5 HIGH 9.8 CRITICAL
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
CVE-2022-23222 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2022-10-14 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.