Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown
CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
Page 120 of 496
CVE-2022-23036 | HIGH | CVSS 7.0 | CWE-362 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting
nvd
CVE-2022-0204 | HIGH | CVSS 8.8 | CWE-119 | v10.0 | 2022-03-10
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
nvd
CVE-2022-0891 | HIGH | CVSS 7.1 | CWE-787 | v10.0, v11.0 | 2022-03-10
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
nvd
CVE-2022-23039 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-23037 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-23040 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-23038 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-23041 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-26846 | HIGH | CVSS 8.8 | v9.0, v10.0, +1 more | 2022-03-10
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
nvd
CVE-2022-23042 | HIGH | CVSS 7.0 | v9.0 | 2022-03-10
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in pote
nvd
CVE-2022-26661 | MEDIUM | CVSS 6.5 | CWE-611 | v9.0, v10.0, +1 more | 2022-03-10
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file
nvd
CVE-2021-32434 | MEDIUM | CVSS 5.5 | CWE-125 | v9.0 | 2022-03-10
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
nvd
CVE-2021-32436 | MEDIUM | CVSS 6.5 | CWE-125 | v9.0 | 2022-03-10
An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
nvd
CVE-2021-32435 | MEDIUM | CVSS 5.5 | CWE-787 | v9.0 | 2022-03-10
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
nvd
CVE-2022-26847 | MEDIUM | CVSS 5.3 | CWE-200 | v9.0, v10.0, +1 more | 2022-03-10
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
nvd
CVE-2022-0865 | MEDIUM | CVSS 6.5 | CWE-617 | v10.0, v11.0 | 2022-03-10
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
nvd
CVE-2022-24349 | MEDIUM | CVSS 4.4 | CWE-79 | v9.0 | 2022-03-09
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineerin
nvd
CVE-2022-24917 | MEDIUM | CVSS 4.4 | CWE-79 | v9.0 | 2022-03-09
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can ma
nvd
CVE-2022-24919 | MEDIUM | CVSS 4.4 | CWE-79 | v9.0 | 2022-03-09
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can mak
nvd
CVE-2022-24713 | HIGH | CVSS 7.5 | CWE-400 | v9.0, v10.0, +1 more | 2022-03-08
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's consi
nvd