Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6495 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports and 1 more | 2022-10-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2022-10-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | |||||
| CVE-2019-5477 | 3 Canonical, Debian, Nokogiri | 3 Ubuntu Linux, Debian Linux, Nokogiri | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. | |||||
| CVE-2019-20163 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | |||||
| CVE-2019-20162 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | |||||
| CVE-2019-20161 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | |||||
| CVE-2019-20170 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. | |||||
| CVE-2019-20165 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. | |||||
| CVE-2020-2778 | 5 Canonical, Debian, Netapp and 2 more | 20 Ubuntu Linux, Debian Linux, 7-mode Transition Tool and 17 more | 2022-10-14 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-0854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-10-14 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | |||||
| CVE-2022-1328 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2022-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | |||||
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2022-10-14 | 3.5 LOW | 5.4 MEDIUM |
| lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | |||||
| CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2022-10-14 | 4.4 MEDIUM | 7.0 HIGH |
| A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | |||||
| CVE-2021-26119 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | |||||
| CVE-2021-26120 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | |||||
| CVE-2021-37148 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1. | |||||
| CVE-2021-37149 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | |||||
| CVE-2021-44759 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2022-10-14 | 6.8 MEDIUM | 8.1 HIGH |
| Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. | |||||
| CVE-2021-44040 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | |||||
| CVE-2022-30293 | 2 Debian, Webkitgtk | 2 Debian Linux, Webkitgtk | 2022-10-14 | 5.1 MEDIUM | 7.5 HIGH |
| In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | |||||