Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13308 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-03-02 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
CVE-2022-41973 3 Debian, Fedoraproject, Opensvc 3 Debian Linux, Fedora, Multipath-tools 2023-03-02 N/A 7.8 HIGH
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
CVE-2022-1652 4 Debian, Linux, Netapp and 1 more 13 Debian Linux, Linux Kernel, H300s and 10 more 2023-03-01 7.2 HIGH 7.8 HIGH
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-42720 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-03-01 N/A 7.8 HIGH
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
CVE-2021-38300 3 Debian, Linux, Netapp 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more 2023-03-01 7.2 HIGH 7.8 HIGH
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
CVE-2022-41674 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-03-01 N/A 8.1 HIGH
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
CVE-2021-3760 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2023-03-01 7.2 HIGH 7.8 HIGH
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-33909 6 Debian, Fedoraproject, Linux and 3 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2023-03-01 7.2 HIGH 7.8 HIGH
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
CVE-2022-3594 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-03-01 N/A 5.3 MEDIUM
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-6128 4 Canonical, Debian, Libtiff and 1 more 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2019-1787 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2022-35252 4 Apple, Debian, Haxx and 1 more 17 Macos, Debian Linux, Curl and 14 more 2023-03-01 N/A 3.7 LOW
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
CVE-2018-20662 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2019-3832 3 Canonical, Debian, Libsndfile Project 3 Ubuntu Linux, Debian Linux, Libsndfile 2023-03-01 1.9 LOW 5.5 MEDIUM
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
CVE-2019-10018 3 Canonical, Debian, Xpdfreader 3 Ubuntu Linux, Debian Linux, Xpdf 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-1010174 2 Cimg, Debian 2 Cimg Library, Debian Linux 2023-03-01 7.5 HIGH 9.8 CRITICAL
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
CVE-2019-14275 3 Debian, Opensuse, Xfig Project 3 Debian Linux, Leap, Fig2dev 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
CVE-2018-19107 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVE-2018-14599 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2023-03-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.