Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27530 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-02-04 | N/A | 7.5 HIGH |
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | |||||
CVE-2023-28466 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, Baseboard Management Controller H300s and 4 more | 2024-02-04 | N/A | 7.0 HIGH |
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |||||
CVE-2022-41838 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 9.8 CRITICAL |
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2024-02-04 | N/A | 7.5 HIGH |
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | |||||
CVE-2022-43597 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 8.1 HIGH |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. | |||||
CVE-2022-30123 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-02-04 | N/A | 10.0 CRITICAL |
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | |||||
CVE-2022-46338 | 2 Debian, G810-led Project | 2 Debian Linux, G810-led | 2024-02-04 | N/A | 6.5 MEDIUM |
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | |||||
CVE-2022-43598 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 8.1 HIGH |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. | |||||
CVE-2022-41639 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 9.8 CRITICAL |
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-46341 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
CVE-2023-27522 | 3 Apache, Debian, Unbit | 3 Http Server, Debian Linux, Uwsgi | 2024-02-04 | N/A | 7.5 HIGH |
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | |||||
CVE-2022-35256 | 4 Debian, Llhttp, Nodejs and 1 more | 4 Debian Linux, Llhttp, Node.js and 1 more | 2024-02-04 | N/A | 6.5 MEDIUM |
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | |||||
CVE-2022-46343 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
CVE-2022-41999 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2023-23454 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | N/A | 5.5 MEDIUM |
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2024-02-04 | N/A | 7.8 HIGH |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2022-47929 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | N/A | 5.5 MEDIUM |
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. | |||||
CVE-2022-46340 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | N/A | 8.8 HIGH |
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | |||||
CVE-2022-47629 | 2 Debian, Gnupg | 2 Debian Linux, Libksba | 2024-02-04 | N/A | 9.8 CRITICAL |
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | |||||
CVE-2022-46877 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-02-04 | N/A | 4.3 MEDIUM |
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. |