Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
10040 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29500 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 8.8 High |
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | ||||
| CVE-2022-29187 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Xcode, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. | ||||
| CVE-2022-29155 | 3 Debian, Netapp, Openldap | 14 Debian Linux, H300s, H300s Firmware and 11 more | 2024-11-21 | 9.8 Critical |
| In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. | ||||
| CVE-2022-28893 | 4 Debian, Linux, Netapp and 1 more | 25 Debian Linux, Linux Kernel, H300e and 22 more | 2024-11-21 | 7.8 High |
| The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | ||||
| CVE-2022-28389 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-11-21 | 5.5 Medium |
| mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | ||||
| CVE-2022-28203 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 7.5 High |
| A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. | ||||
| CVE-2022-28202 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | ||||
| CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.4 Medium |
| An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | ||||
| CVE-2022-28129 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-11-21 | 7.5 High |
| Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | ||||
| CVE-2022-28044 | 2 Debian, Irzip Project | 2 Debian Linux, Irzip | 2024-11-21 | 9.8 Critical |
| Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. | ||||
| CVE-2022-28042 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2024-11-21 | 8.8 High |
| stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | ||||
| CVE-2022-28041 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2024-11-21 | 6.5 Medium |
| stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-27777 | 3 Debian, Redhat, Rubyonrails | 3 Debian Linux, Satellite, Actionpack | 2024-11-21 | 6.1 Medium |
| A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||||
| CVE-2022-27776 | 7 Brocade, Debian, Fedoraproject and 4 more | 19 Fabric Operating System, Debian Linux, Fedora and 16 more | 2024-11-21 | 6.5 Medium |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | ||||
| CVE-2022-27775 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | ||||
| CVE-2022-27666 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 7.8 High |
| A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | ||||
| CVE-2022-27456 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | ||||
| CVE-2022-27452 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | ||||
| CVE-2022-27449 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | ||||
| CVE-2022-27448 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | ||||