CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux : Security Vulnerabilities (CVSS score between 4 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30688 269 2022-05-17 2022-05-25
4.6
None Local Low Not required Partial Partial Partial
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
2 CVE-2022-29582 416 2022-04-22 2022-05-04
6.9
None Local Medium Not required Complete Complete Complete
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
3 CVE-2022-28739 125 2022-05-09 2022-05-19
4.3
None Remote Medium Not required Partial None None
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
4 CVE-2022-28463 120 Overflow 2022-05-08 2022-05-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
5 CVE-2022-28346 89 Sql 2022-04-12 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
6 CVE-2022-27239 787 Overflow +Priv 2022-04-27 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
7 CVE-2022-27114 190 Overflow 2022-05-09 2022-05-17
4.3
None Remote Medium Not required None None Partial
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
8 CVE-2022-26847 200 +Info 2022-03-10 2022-03-18
5.0
None Remote Low Not required Partial None None
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
9 CVE-2022-26846 Exec Code 2022-03-10 2022-03-18
6.5
None Remote Low ??? Partial Partial Partial
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
10 CVE-2022-26662 776 2022-03-10 2022-03-18
5.0
None Remote Low Not required None None Partial
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
11 CVE-2022-26661 611 2022-03-10 2022-03-18
4.0
None Remote Low ??? Partial None None
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
12 CVE-2022-26496 787 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
13 CVE-2022-26495 190 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
14 CVE-2022-26291 416 DoS 2022-03-28 2022-05-24
4.3
None Remote Medium Not required None None Partial
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
15 CVE-2022-25636 269 +Priv 2022-02-24 2022-05-10
6.9
None Local Medium Not required Complete Complete Complete
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
16 CVE-2022-25315 190 Overflow 2022-02-18 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
17 CVE-2022-25314 190 Overflow 2022-02-18 2022-04-27
5.0
None Remote Low Not required None None Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
18 CVE-2022-25313 400 2022-02-18 2022-04-27
4.3
None Remote Medium Not required None None Partial
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
19 CVE-2022-25258 476 Mem. Corr. 2022-02-16 2022-05-11
4.9
None Local Low Not required None None Complete
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
20 CVE-2022-25236 668 2022-02-16 2022-05-24
7.5
None Remote Low Not required Partial Partial Partial
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
21 CVE-2022-25235 116 2022-02-16 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
22 CVE-2022-24921 400 2022-03-05 2022-05-10
5.0
None Remote Low Not required None None Partial
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
23 CVE-2022-24884 347 2022-05-06 2022-05-16
5.0
None Remote Low Not required None Partial None
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
24 CVE-2022-24407 89 Sql 2022-02-24 2022-04-25
6.5
None Remote Low ??? Partial Partial Partial
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
25 CVE-2022-24302 362 2022-03-17 2022-05-23
4.3
None Remote Medium Not required Partial None None
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
26 CVE-2022-24301 276 2022-02-02 2022-02-28
6.4
None Remote Low Not required Partial Partial None
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
27 CVE-2022-24300 74 2022-02-02 2022-02-28
7.5
None Remote Low Not required Partial Partial Partial
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
28 CVE-2022-24070 416 Mem. Corr. 2022-04-12 2022-04-20
5.0
None Remote Low Not required None None Partial
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
29 CVE-2022-23990 190 Overflow 2022-01-26 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
30 CVE-2022-23959 444 2022-01-26 2022-03-17
6.4
None Remote Low Not required Partial Partial None
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
31 CVE-2022-23943 787 2022-03-14 2022-04-20
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
32 CVE-2022-23852 190 Overflow 2022-01-24 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
33 CVE-2022-23837 770 2022-01-21 2022-04-25
5.0
None Remote Low Not required None None Partial
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
34 CVE-2022-23806 252 2022-02-11 2022-05-10
6.4
None Remote Low Not required None Partial Partial
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
35 CVE-2022-23772 190 Overflow 2022-02-11 2022-05-10
7.8
None Remote Low Not required None None Complete
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
36 CVE-2022-23648 200 Bypass +Info 2022-03-03 2022-04-25
5.0
None Remote Low Not required Partial None None
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
37 CVE-2022-23614 74 2022-02-04 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
38 CVE-2022-23608 416 2022-02-22 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
39 CVE-2022-23607 200 +Info 2022-02-01 2022-05-01
4.3
None Remote Medium Not required Partial None None
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade Instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.
40 CVE-2022-23222 476 +Priv 2022-01-14 2022-02-28
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
41 CVE-2022-23134 863 2022-01-13 2022-02-10
5.0
None Remote Low Not required None Partial None
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
42 CVE-2022-23098 835 2022-01-28 2022-03-01
5.0
None Remote Low Not required None None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
43 CVE-2022-23097 125 2022-01-28 2022-03-01
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
44 CVE-2022-23096 125 2022-01-28 2022-03-01
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
45 CVE-2022-23094 476 DoS 2022-01-15 2022-01-24
5.0
None Remote Low Not required None None Partial
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
46 CVE-2022-22844 125 2022-01-10 2022-04-25
4.3
None Remote Medium Not required None None Partial
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
47 CVE-2022-22817 2022-01-10 2022-04-22
7.5
None Remote Low Not required Partial Partial Partial
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,
48 CVE-2022-22816 125 2022-01-10 2022-02-16
6.4
None Remote Low Not required None Partial Partial
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
49 CVE-2022-22815 665 2022-01-10 2022-05-04
6.4
None Remote Low Not required None Partial Partial
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
50 CVE-2022-22721 190 Overflow 2022-03-14 2022-05-17
6.8
None Remote Medium Not required Partial Partial Partial
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Total number of vulnerabilities : 5568   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.