Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2024-08-03 | 7.8 High |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
CVE-2022-45693 | 3 Debian, Jettison Project, Redhat | 9 Debian Linux, Jettison, Camel Spring Boot and 6 more | 2024-08-03 | 7.5 High |
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
CVE-2022-45685 | 3 Debian, Jettison Project, Redhat | 3 Debian Linux, Jettison, Apache Camel Spring Boot | 2024-08-03 | 7.5 High |
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | ||||
CVE-2022-45442 | 3 Debian, Redhat, Sinatrarb | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2024-08-03 | 8.8 High |
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | ||||
CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2024-08-03 | 7.8 High |
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | ||||
CVE-2022-44789 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2024-08-03 | 8.8 High |
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | ||||
CVE-2022-45062 | 3 Debian, Fedoraproject, Xfce | 3 Debian Linux, Fedora, Xfce4-settings | 2024-08-03 | 9.8 Critical |
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | ||||
CVE-2022-45060 | 5 Debian, Fedoraproject, Redhat and 2 more | 11 Debian Linux, Fedora, Enterprise Linux and 8 more | 2024-08-03 | 7.5 High |
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | ||||
CVE-2022-44792 | 4 Debian, Net-snmp, Netapp and 1 more | 11 Debian Linux, Net-snmp, H300s and 8 more | 2024-08-03 | 6.5 Medium |
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
CVE-2022-44729 | 3 Apache, Debian, Redhat | 4 Xml Graphics Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 7.1 High |
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | ||||
CVE-2022-44793 | 4 Debian, Net-snmp, Netapp and 1 more | 11 Debian Linux, Net-snmp, H300s and 8 more | 2024-08-03 | 6.5 Medium |
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
CVE-2022-44730 | 3 Apache, Debian, Redhat | 4 Xml Graphics Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 4.4 Medium |
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | ||||
CVE-2022-44641 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-08-03 | 6.5 Medium |
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | ||||
CVE-2022-44638 | 4 Debian, Fedoraproject, Pixman and 1 more | 5 Debian Linux, Fedora, Pixman and 2 more | 2024-08-03 | 8.8 High |
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | ||||
CVE-2022-43750 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2024-08-03 | 6.7 Medium |
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. | ||||
CVE-2022-43681 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-08-03 | 6.5 Medium |
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | ||||
CVE-2022-43680 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 24 Debian Linux, Fedora, Libexpat and 21 more | 2024-08-03 | 7.5 High |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||||
CVE-2022-43548 | 3 Debian, Nodejs, Redhat | 5 Debian Linux, Node.js, Enterprise Linux and 2 more | 2024-08-03 | 8.1 High |
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | ||||
CVE-2022-43238 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-08-03 | 6.5 Medium |
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | ||||
CVE-2022-43243 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-08-03 | 6.5 Medium |
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |