Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24300 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. | |||||
| CVE-2022-40023 | 2 Debian, Sqlalchemy | 2 Debian Linux, Mako | 2023-08-08 | N/A | 7.5 HIGH |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | |||||
| CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2023-08-08 | 5.8 MEDIUM | 4.8 MEDIUM |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
| CVE-2021-33624 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | 4.7 MEDIUM | 4.7 MEDIUM |
| In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | |||||
| CVE-2022-25375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | |||||
| CVE-2021-44538 | 4 Cinny Project, Debian, Matrix and 1 more | 6 Cinny, Debian Linux, Element and 3 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. | |||||
| CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2023-08-08 | N/A | 8.0 HIGH |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
| CVE-2022-30594 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |||||
| CVE-2021-43536 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2022-46338 | 2 Debian, G810-led Project | 2 Debian Linux, G810-led | 2023-08-08 | N/A | 6.5 MEDIUM |
| g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | |||||
| CVE-2022-24921 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Astra Trident | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | |||||
| CVE-2022-40307 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-08-08 | N/A | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |||||
| CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |||||
| CVE-2022-20422 | 2 Debian, Google | 2 Debian Linux, Android | 2023-08-08 | N/A | 7.0 HIGH |
| In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel | |||||
| CVE-2021-45972 | 2 Debian, Giftrans Project | 2 Debian Linux, Giftrans | 2023-08-08 | 5.8 MEDIUM | 7.1 HIGH |
| The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. | |||||
| CVE-2022-21151 | 3 Debian, Intel, Netapp | 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-41837 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-08-07 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-41794 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-08-07 | N/A | 9.8 CRITICAL |
| A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-41649 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-08-07 | N/A | 9.1 CRITICAL |
| A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2017-16516 | 2 Debian, Yajl-ruby Project | 2 Debian Linux, Yajl-ruby | 2023-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. | |||||