Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28893 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, H300e and 19 more 2022-10-07 7.2 HIGH 7.8 HIGH
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-27379 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27378 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27448 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27447 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27458 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27456 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27377 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
CVE-2019-2964 6 Canonical, Debian, Netapp and 3 more 19 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 16 more 2022-10-07 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-8794 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-10-07 10.0 HIGH 9.8 CRITICAL
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
CVE-2019-16770 2 Debian, Puma 2 Debian Linux, Puma 2022-10-07 5.0 MEDIUM 7.5 HIGH
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.
CVE-2021-21772 3 3mf, Debian, Fedoraproject 3 Lib3mf, Debian Linux, Fedora 2022-10-07 6.8 MEDIUM 8.1 HIGH
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-3570 4 Debian, Fedoraproject, Linuxptp Project and 1 more 7 Debian Linux, Fedora, Linuxptp and 4 more 2022-10-07 8.0 HIGH 8.8 HIGH
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
CVE-2022-27449 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2019-5813 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-10-07 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-20218 4 Canonical, Debian, Oracle and 1 more 4 Ubuntu Linux, Debian Linux, Mysql Workbench and 1 more 2022-10-07 5.0 MEDIUM 7.5 HIGH
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2019-11338 4 Canonical, Debian, Ffmpeg and 1 more 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more 2022-10-07 6.8 MEDIUM 8.8 HIGH
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
CVE-2020-8866 2 Debian, Horde 3 Debian Linux, Groupware, Horde Form 2022-10-07 4.0 MEDIUM 6.5 MEDIUM
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
CVE-2020-8619 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-10-07 4.0 MEDIUM 4.9 MEDIUM
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.
CVE-2020-27670 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2022-10-07 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.