Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38749 | 3 Debian, Redhat, Snakeyaml Project | 11 Debian Linux, Amq Broker, Amq Clients and 8 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
| CVE-2022-38751 | 3 Debian, Redhat, Snakeyaml Project | 9 Debian Linux, Amq Broker, Camel Spring Boot and 6 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
| CVE-2022-38864 | 2 Debian, Mplayerhq | 3 Debian Linux, Mencoder, Mplayer | 2024-08-03 | 5.5 Medium |
| Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | ||||
| CVE-2022-38750 | 3 Debian, Redhat, Snakeyaml Project | 9 Debian Linux, Amq Broker, Camel Spring Boot and 6 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
| CVE-2022-38648 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | ||||
| CVE-2022-38398 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-08-03 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | ||||
| CVE-2022-38266 | 3 Debian, Leptonica, Tesseract Project | 3 Debian Linux, Leptonica, Tesseract | 2024-08-03 | 6.5 Medium |
| An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | ||||
| CVE-2022-38076 | 4 Debian, Fedoraproject, Intel and 1 more | 16 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 13 more | 2024-08-03 | 3.8 Low |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-37797 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-08-03 | 7.5 High |
| In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. | ||||
| CVE-2022-37452 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-08-03 | 9.8 Critical |
| Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | ||||
| CVE-2022-37434 | 7 Apple, Debian, Fedoraproject and 4 more | 24 Ipados, Iphone Os, Macos and 21 more | 2024-08-03 | 9.8 Critical |
| zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | ||||
| CVE-2022-37616 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-08-03 | 9.8 Critical |
| A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." | ||||
| CVE-2022-37454 | 9 Debian, Extended Keccak Code Package Project, Fedoraproject and 6 more | 9 Debian Linux, Extended Keccak Code Package, Fedora and 6 more | 2024-08-03 | 9.8 Critical |
| The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | ||||
| CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||||
| CVE-2022-37032 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-08-03 | 9.1 Critical |
| An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | ||||
| CVE-2022-37050 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-03 | 6.5 Medium |
| In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | ||||
| CVE-2022-36946 | 4 Debian, Linux, Netapp and 1 more | 10 Debian Linux, Linux Kernel, Active Iq Unified Manager and 7 more | 2024-08-03 | 7.5 High |
| nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | ||||
| CVE-2022-35414 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 8.8 High |
| softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. | ||||
| CVE-2022-36879 | 4 Debian, Linux, Netapp and 1 more | 46 Debian Linux, Linux Kernel, A700s and 43 more | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | ||||
| CVE-2022-36440 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-08-03 | 7.5 High |
| A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | ||||