Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36359 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-02-04 | N/A | 8.8 HIGH |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | |||||
CVE-2022-2519 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-04 | N/A | 6.5 MEDIUM |
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 | |||||
CVE-2022-3324 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-02-04 | N/A | 7.8 HIGH |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | |||||
CVE-2022-3551 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2024-02-04 | N/A | 6.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. | |||||
CVE-2022-32212 | 4 Debian, Fedoraproject, Nodejs and 1 more | 4 Debian Linux, Fedora, Node.js and 1 more | 2024-02-04 | N/A | 8.1 HIGH |
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | |||||
CVE-2022-2795 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Bind | 2024-02-04 | N/A | 5.3 MEDIUM |
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | |||||
CVE-2022-44638 | 3 Debian, Fedoraproject, Pixman | 3 Debian Linux, Fedora, Pixman | 2024-02-04 | N/A | 8.8 HIGH |
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | |||||
CVE-2022-2905 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | N/A | 5.5 MEDIUM |
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | |||||
CVE-2022-25314 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 5 Debian Linux, Fedora, Libexpat and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | |||||
CVE-2021-3700 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | 4.4 MEDIUM | 6.4 MEDIUM |
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | |||||
CVE-2022-23772 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | |||||
CVE-2022-30594 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |||||
CVE-2022-1441 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | |||||
CVE-2022-1328 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | |||||
CVE-2022-26110 | 2 Debian, Wisc | 2 Debian Linux, Htcondor | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. | |||||
CVE-2021-3930 | 3 Debian, Qemu, Redhat | 10 Debian Linux, Qemu, Codeready Linux Builder and 7 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | |||||
CVE-2022-0711 | 3 Debian, Haproxy, Redhat | 5 Debian Linux, Haproxy, Enterprise Linux and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | |||||
CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | |||||
CVE-2022-1049 | 2 Clusterlabs, Debian | 2 Pcs, Debian Linux | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. | |||||
CVE-2022-31002 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. |