Debian » Debian Linux : Security Vulnerabilities (CVSS score between 6 and 6.99)

Columns (in order): # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
1. CVE-2022-35414 | CWE: 908 | Exploits: - | Type(s): - | Published: 2022-07-11 | Updated: 2022-12-09 | Score: 6.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Complete
** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."
2. CVE-2022-32278 | CWE: - | Exploits: - | Type(s): Exec Code | Published: 2022-06-13 | Updated: 2022-07-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
3. CVE-2022-31626 | CWE: 120 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-06-16 | Updated: 2022-12-15 | Score: 6.0 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
4. CVE-2022-31625 | CWE: 763 | Exploits: - | Type(s): DoS | Published: 2022-06-16 | Updated: 2022-12-15 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service.
5. CVE-2022-31086 | CWE: 434 | Exploits: - | Type(s): Exec Code | Published: 2022-06-27 | Updated: 2022-07-07 | Score: 6.0 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow uploading PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue.
6. CVE-2022-31084 | CWE: 88 | Exploits: - | Type(s): Exec Code | Published: 2022-06-27 | Updated: 2022-10-28 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0.
7. CVE-2022-31081 | CWE: 444 | Exploits: - | Type(s): +Priv | Published: 2022-06-27 | Updated: 2022-10-29 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/None
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' header (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected.
8. CVE-2022-29582 | CWE: 416 | Exploits: - | Type(s): - | Published: 2022-04-22 | Updated: 2022-10-26 | Score: 6.9 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
9. CVE-2022-29221 | CWE: 94 | Exploits: - | Type(s): - | Published: 2022-05-24 | Updated: 2022-12-08 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
10. CVE-2022-28463 | CWE: 120 | Exploits: - | Type(s): Overflow | Published: 2022-05-08 | Updated: 2022-05-17 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
11. CVE-2022-27223 | CWE: 129 | Exploits: - | Type(s): - | Published: 2022-03-16 | Updated: 2023-01-19 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
12. CVE-2022-26846 | CWE: - | Exploits: - | Type(s): Exec Code | Published: 2022-03-10 | Updated: 2022-03-18 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
13. CVE-2022-26499 | CWE: 918 | Exploits: - | Type(s): - | Published: 2022-04-15 | Updated: 2023-02-02 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/None
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
14. CVE-2022-26362 | CWE: 362 | Exploits: - | Type(s): - | Published: 2022-06-09 | Updated: 2022-08-24 | Score: 6.9 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
x86 pv: Race condition in typeref acquisition. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safety TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.
15. CVE-2022-26357 | CWE: 362 | Exploits: - | Type(s): Bypass | Published: 2022-04-05 | Updated: 2022-07-01 | Score: 6.2 | Gained access: None | Access: Local | Complexity: High | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow fewer than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore, internally, Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing VT-d domain IDs to be leaked and flushes to be bypassed.
16. CVE-2022-26110 | CWE: - | Exploits: - | Type(s): - | Published: 2022-04-06 | Updated: 2022-09-03 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
17. CVE-2022-25636 | CWE: 269 | Exploits: - | Type(s): +Priv | Published: 2022-02-24 | Updated: 2022-07-25 | Score: 6.9 | Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
18. CVE-2022-24903 | CWE: 120 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-05-06 | Updated: 2023-01-20 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. To our understanding, this vulnerability cannot be used for remote code execution, but there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
19. CVE-2022-24801 | CWE: 444 | Exploits: - | Type(s): - | Published: 2022-04-04 | Updated: 2022-07-25 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
20. CVE-2022-24407 | CWE: 89 | Exploits: - | Type(s): Sql | Published: 2022-02-24 | Updated: 2022-11-07 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
21. CVE-2022-24301 | CWE: 276 | Exploits: - | Type(s): - | Published: 2022-02-02 | Updated: 2022-02-28 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/None
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
22. CVE-2022-23959 | CWE: 444 | Exploits: - | Type(s): - | Published: 2022-01-26 | Updated: 2022-08-02 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/None
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
23. CVE-2022-23947 | CWE: 121 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-02-04 | Updated: 2022-09-01 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
24. CVE-2022-23946 | CWE: 121 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-02-04 | Updated: 2022-09-01 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
25. CVE-2022-23806 | CWE: 252 | Exploits: - | Type(s): - | Published: 2022-02-11 | Updated: 2022-11-09 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/Partial/Partial
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
26. CVE-2022-23804 | CWE: 121 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-02-16 | Updated: 2022-09-01 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
27. CVE-2022-23803 | CWE: 121 | Exploits: - | Type(s): Exec Code Overflow | Published: 2022-02-16 | Updated: 2022-09-01 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
28. CVE-2022-23097 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-01-28 | Updated: 2022-09-29 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/None/Partial
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
29. CVE-2022-23096 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-01-28 | Updated: 2022-09-29 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/None/Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
30. CVE-2022-22827 | CWE: 190 | Exploits: - | Type(s): Overflow | Published: 2022-01-10 | Updated: 2022-10-06 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
31. CVE-2022-22826 | CWE: 190 | Exploits: - | Type(s): Overflow | Published: 2022-01-10 | Updated: 2022-10-06 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
32. CVE-2022-22825 | CWE: 190 | Exploits: - | Type(s): Overflow | Published: 2022-01-10 | Updated: 2022-10-06 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
33. CVE-2022-22816 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-01-10 | Updated: 2023-01-31 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/Partial/Partial
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
34. CVE-2022-22815 | CWE: 665 | Exploits: - | Type(s): - | Published: 2022-01-10 | Updated: 2023-01-31 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/Partial/Partial
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
35. CVE-2022-21831 | CWE: 94 | Exploits: - | Type(s): Exec Code | Published: 2022-05-26 | Updated: 2023-01-27 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
36. CVE-2022-21824 | CWE: 1321 | Exploits: - | Type(s): - | Published: 2022-02-24 | Updated: 2022-11-10 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/Partial/Partial
Due to the formatting logic of the "console.table()" function, it was not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to.
37. CVE-2022-21723 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-01-27 | Updated: 2023-02-02 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/None/Partial
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as a commit in the `master` branch. There are no known workarounds.
38. CVE-2022-21722 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-01-27 | Updated: 2023-02-02 | Score: 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/None/Partial
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.
39. CVE-2022-21664 | CWE: 89 | Exploits: - | Type(s): Sql | Published: 2022-01-06 | Updated: 2022-04-12 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
40. CVE-2022-21663 | CWE: 74 | Exploits: - | Type(s): Bypass | Published: 2022-01-06 | Updated: 2022-07-28 | Score: 6.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with the Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
41. CVE-2022-20001 | CWE: 74 | Exploits: - | Type(s): Exec Code | Published: 2022-03-14 | Updated: 2022-10-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.
42. CVE-2022-2304 | CWE: 787 | Exploits: - | Type(s): Overflow | Published: 2022-07-05 | Updated: 2022-12-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
43. CVE-2022-2285 | CWE: 190 | Exploits: - | Type(s): Overflow | Published: 2022-07-02 | Updated: 2022-12-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
44. CVE-2022-2129 | CWE: 787 | Exploits: - | Type(s): - | Published: 2022-06-19 | Updated: 2022-11-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
45. CVE-2022-2126 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-06-19 | Updated: 2022-10-31 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
46. CVE-2022-2124 | CWE: 125 | Exploits: - | Type(s): - | Published: 2022-06-19 | Updated: 2022-10-31 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
47. CVE-2022-2000 | CWE: 787 | Exploits: - | Type(s): - | Published: 2022-06-09 | Updated: 2022-11-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
48. CVE-2022-1968 | CWE: 416 | Exploits: - | Type(s): - | Published: 2022-06-02 | Updated: 2022-12-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Use After Free in GitHub repository vim/vim prior to 8.2.
49. CVE-2022-1942 | CWE: 122 | Exploits: - | Type(s): Overflow | Published: 2022-05-31 | Updated: 2022-11-29 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
50. CVE-2022-1898 | CWE: 416 | Exploits: - | Type(s): - | Published: 2022-05-27 | Updated: 2022-12-08 | Score: 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
Use After Free in GitHub repository vim/vim prior to 8.2.
Total number of vulnerabilities: 1587 (this listing is page 1 of 32).