CVEdetails.com the ultimate security vulnerability data source

Debian » Debian Linux : Security Vulnerabilities (CVSS score between 6 and 8.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-29582 416 2022-04-22 2022-05-04
6.9
None Local Medium Not required Complete Complete Complete
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
2 CVE-2022-28463 120 Overflow 2022-05-08 2022-05-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
3 CVE-2022-28346 89 Sql 2022-04-12 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
4 CVE-2022-27239 787 Overflow +Priv 2022-04-27 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
5 CVE-2022-26846 Exec Code 2022-03-10 2022-03-18
6.5
None Remote Low ??? Partial Partial Partial
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
6 CVE-2022-26496 787 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
7 CVE-2022-26495 190 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
8 CVE-2022-25636 269 +Priv 2022-02-24 2022-05-10
6.9
None Local Medium Not required Complete Complete Complete
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
9 CVE-2022-25315 190 Overflow 2022-02-18 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
10 CVE-2022-25236 668 2022-02-16 2022-05-24
7.5
None Remote Low Not required Partial Partial Partial
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
11 CVE-2022-25235 116 2022-02-16 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
12 CVE-2022-24407 89 Sql 2022-02-24 2022-04-25
6.5
None Remote Low ??? Partial Partial Partial
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
13 CVE-2022-24301 276 2022-02-02 2022-02-28
6.4
None Remote Low Not required Partial Partial None
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
14 CVE-2022-24300 74 2022-02-02 2022-02-28
7.5
None Remote Low Not required Partial Partial Partial
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
15 CVE-2022-23990 190 Overflow 2022-01-26 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
16 CVE-2022-23959 444 2022-01-26 2022-03-17
6.4
None Remote Low Not required Partial Partial None
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
17 CVE-2022-23943 787 2022-03-14 2022-04-20
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
18 CVE-2022-23852 190 Overflow 2022-01-24 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
19 CVE-2022-23806 252 2022-02-11 2022-05-10
6.4
None Remote Low Not required None Partial Partial
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
20 CVE-2022-23772 190 Overflow 2022-02-11 2022-05-10
7.8
None Remote Low Not required None None Complete
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
21 CVE-2022-23614 74 2022-02-04 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
22 CVE-2022-23608 416 2022-02-22 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision, eventually leading to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
23 CVE-2022-23222 476 +Priv 2022-01-14 2022-02-28
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
24 CVE-2022-23097 125 2022-01-28 2022-03-01
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
25 CVE-2022-23096 125 2022-01-28 2022-03-01
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
26 CVE-2022-22817 2022-01-10 2022-04-22
7.5
None Remote Low Not required Partial Partial Partial
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,
27 CVE-2022-22816 125 2022-01-10 2022-02-16
6.4
None Remote Low Not required None Partial Partial
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
28 CVE-2022-22815 665 2022-01-10 2022-05-04
6.4
None Remote Low Not required None Partial Partial
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
29 CVE-2022-22721 190 Overflow 2022-03-14 2022-05-17
6.8
None Remote Medium Not required Partial Partial Partial
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
30 CVE-2022-22720 444 2022-03-14 2022-05-17
7.5
None Remote Low Not required Partial Partial Partial
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
31 CVE-2022-21724 665 Exec Code 2022-02-02 2022-05-27
7.5
None Remote Low Not required Partial Partial Partial
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
32 CVE-2022-21723 125 2022-01-27 2022-04-25
6.4
None Remote Low Not required Partial None Partial
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.
33 CVE-2022-21664 89 Sql 2022-01-06 2022-04-12
6.5
None Remote Low ??? Partial Partial Partial
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
34 CVE-2022-21663 74 Bypass 2022-01-06 2022-04-12
6.5
None Remote Low ??? Partial Partial Partial
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
35 CVE-2022-1616 416 Exec Code Bypass 2022-05-07 2022-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
36 CVE-2022-1048 362 2022-04-29 2022-05-11
6.9
None Local Medium Not required Complete Complete Complete
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
37 CVE-2022-0730 287 Bypass 2022-03-03 2022-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
38 CVE-2022-0729 119 Overflow 2022-02-23 2022-03-29
6.5
None Remote Low ??? Partial Partial Partial
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
39 CVE-2022-0685 2022-02-20 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
40 CVE-2022-0586 835 DoS 2022-02-14 2022-04-01
7.8
None Remote Low Not required None None Complete
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
41 CVE-2022-0582 74 DoS 2022-02-14 2022-04-01
7.5
None Remote Low Not required Partial Partial Partial
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
42 CVE-2022-0554 119 Overflow 2022-02-10 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
43 CVE-2022-0408 121 Overflow 2022-01-30 2022-03-30
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
44 CVE-2022-0368 125 2022-01-26 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
45 CVE-2022-0361 787 Overflow 2022-01-26 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
46 CVE-2022-0359 787 Overflow 2022-01-26 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
47 CVE-2022-0213 787 Overflow 2022-01-14 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
vim is vulnerable to Heap-based Buffer Overflow
48 CVE-2021-45911 787 Overflow 2021-12-28 2022-03-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
49 CVE-2021-45910 787 Overflow 2021-12-28 2022-03-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
50 CVE-2021-45909 787 Overflow 2021-12-28 2022-04-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
Total number of vulnerabilities : 2465   Page : 1 (This Page)