Filtered by vendor Debian
Subscribe
Total
8961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30783 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-2978 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2022-2946 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-11-07 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0246. | |||||
| CVE-2022-2929 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Dhcp | 2023-11-07 | N/A | 6.5 MEDIUM |
| In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | |||||
| CVE-2022-2928 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Dhcp | 2023-11-07 | N/A | 6.5 MEDIUM |
| In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | |||||
| CVE-2022-2905 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 5.5 MEDIUM |
| An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | |||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | |||||
| CVE-2022-2869 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-11-07 | N/A | 5.5 MEDIUM |
| libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. | |||||
| CVE-2022-2868 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-11-07 | N/A | 5.5 MEDIUM |
| libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | |||||
| CVE-2022-2867 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2023-11-07 | N/A | 5.5 MEDIUM |
| libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | |||||
| CVE-2022-2795 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Bind | 2023-11-07 | N/A | 5.3 MEDIUM |
| By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | |||||
| CVE-2022-2553 | 3 Clusterlabs, Debian, Fedoraproject | 3 Booth, Debian Linux, Fedora | 2023-11-07 | N/A | 6.5 MEDIUM |
| The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. | |||||
| CVE-2022-2509 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Gnutls and 1 more | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | |||||
| CVE-2022-2304 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2285 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 8 Debian Linux, Data Plane Development Kit, Fedora and 5 more | 2023-11-07 | N/A | 8.6 HIGH |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | |||||
| CVE-2022-2129 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2126 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2124 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2097 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Active Iq Unified Manager and 12 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | |||||