Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs

9,911

CISA KEV

119

actively exploited

Public exploits

429

Exploited in wild

132

Severity breakdown

CRITICAL1128HIGH4110MEDIUM4311LOW362

Vulnerabilities

Page 115 of 496

CVE-2022-24851MEDIUMCVSS 4.8v11.02022-04-15

CVE-2022-24851 [MEDIUM] CWE-22 CVE-2022-24851: LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP dir LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any

nvd

CVE-2022-27448HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27448 [HIGH] CWE-617 CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

nvd

CVE-2022-27449HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27449 [HIGH] CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/ MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

nvd

CVE-2022-27445HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27445 [HIGH] CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/ MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

nvd

CVE-2022-27452HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27452 [HIGH] CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/ MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

nvd

CVE-2022-27456HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27456 [HIGH] CWE-416 CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec:: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

nvd

CVE-2022-27447HIGHCVSS 7.5v10.02022-04-14

CVE-2022-27447 [HIGH] CWE-416 CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_s MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

nvd

CVE-2022-1328MEDIUMCVSS 5.3v9.02022-04-14

CVE-2022-1328 [MEDIUM] CWE-120 CVE-2022-1328: Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allow Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

nvd

CVE-2022-28347CRITICALCVSS 9.8v11.02022-04-12

CVE-2022-28347 [CRITICAL] CWE-89 CVE-2022-28347: A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3 A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.

nvd

CVE-2022-28346CRITICALCVSS 9.8v9.0v11.02022-04-12

CVE-2022-28346 [CRITICAL] CWE-89 CVE-2022-28346: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QueryS An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

nvd

CVE-2022-27378HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27378 [HIGH] CWE-89 CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovere An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

nvd

CVE-2022-27380HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27380 [HIGH] CWE-89 CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered t An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

nvd

CVE-2022-24765HIGHCVSS 7.8v10.02022-04-12

CVE-2022-24765 [HIGH] CWE-427 CVE-2022-24765: Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects use Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching

nvd

CVE-2022-27383HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27383 [HIGH] CWE-416 CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strca MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

nvd

CVE-2022-27384HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27384 [HIGH] CWE-89 CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

nvd

CVE-2022-27377HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27377 [HIGH] CWE-416 CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_f MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

nvd

CVE-2022-27379HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27379 [HIGH] CWE-89 CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

nvd

CVE-2022-24070HIGHCVSS 7.5v10.0v11.02022-04-12

CVE-2022-24070 [HIGH] CWE-416 CVE-2022-24070: Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorizati Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.

nvd

CVE-2022-27381HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27381 [HIGH] CWE-89 CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to all An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

nvd

CVE-2022-27376HIGHCVSS 7.5v10.02022-04-12

CVE-2022-27376 [HIGH] CWE-416 CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_a MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

nvd

← Previous115 / 496Next →