Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs
9,911
CISA KEV
119
actively exploited
Public exploits
429
Exploited in wild
132
Severity breakdown
CRITICAL1128HIGH4110MEDIUM4311LOW362
Vulnerabilities
Page 126 of 496
CVE-2021-40403MEDIUMCVSS 6.3v11.02022-02-04
CVE-2021-40403 [MEDIUM] CWE-456 CVE-2021-40403: An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerabil
nvd
CVE-2022-24448LOWCVSS 3.3v9.0v10.0+1 more2022-02-04
CVE-2022-24448 [LOW] CWE-755 CVE-2022-24448: An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets th
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
nvd
CVE-2022-23833HIGHCVSS 7.5v11.02022-02-03
CVE-2022-23833 [HIGH] CWE-835 CVE-2022-23833: An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 b
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
nvd
CVE-2022-22818MEDIUMCVSS 6.1v11.02022-02-03
CVE-2022-22818 [MEDIUM] CWE-79 CVE-2022-22818: The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 do
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
nvd
CVE-2022-24300CRITICALCVSS 9.8v10.0v11.02022-02-02
CVE-2022-24300 [CRITICAL] CVE-2022-24300: Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
nvd
CVE-2022-21724CRITICALCVSS 9.8v9.0v10.0+1 more2022-02-02
CVE-2022-21724 [CRITICAL] CWE-665 CVE-2022-21724: pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postg
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClas
nvd
CVE-2022-0443HIGHCVSS 7.8v9.0v10.02022-02-02
CVE-2022-0443 [HIGH] CWE-416 CVE-2022-0443: Use After Free in GitHub repository vim/vim prior to 8.2.
Use After Free in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-24301MEDIUMCVSS 6.5v10.0v11.02022-02-02
CVE-2022-24301 [MEDIUM] CWE-276 CVE-2022-24301: In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
nvd
CVE-2022-0417HIGHCVSS 7.8v9.0v10.02022-02-01
CVE-2022-0417 [HIGH] CWE-122 CVE-2022-0417: Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
nvd
CVE-2021-43859HIGHCVSS 7.5v9.02022-02-01
CVE-2021-43859 [HIGH] CWE-400 CVE-2021-43859: XStream is an open source java library to serialize objects to XML and back again. Versions prior to
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors an
nvd
CVE-2021-46669HIGHCVSS 7.5v10.02022-02-01
CVE-2021-46669 [HIGH] CWE-416 CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BI
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
nvd
CVE-2022-23607MEDIUMCVSS 6.5v9.02022-02-01
CVE-2022-23607 [MEDIUM] CWE-200 CVE-2022-23607: treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensit
nvd
CVE-2021-45079CRITICALCVSS 9.1v9.0v10.0+1 more2022-01-31
CVE-2021-45079 [CRITICAL] CWE-476 CVE-2021-45079: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
nvd
CVE-2022-24130MEDIUMCVSS 5.5v9.02022-01-31
CVE-2022-24130 [MEDIUM] CWE-120 CVE-2022-24130: xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflo
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
nvd
CVE-2022-0408HIGHCVSS 7.8v9.0v10.02022-01-30
CVE-2022-0408 [HIGH] CWE-121 CVE-2022-0408: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-0413HIGHCVSS 7.8v9.0v10.02022-01-30
CVE-2022-0413 [HIGH] CWE-416 CVE-2022-0413: Use After Free in GitHub repository vim/vim prior to 8.2.
Use After Free in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-23096CRITICALCVSS 9.1v9.0v11.02022-01-28
CVE-2022-23096 [CRITICAL] CWE-125 CVE-2022-23096: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementatio
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
nvd
CVE-2022-23097CRITICALCVSS 9.1v9.0v11.02022-01-28
CVE-2022-23097 [CRITICAL] CWE-125 CVE-2022-23097: An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a str
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
nvd
CVE-2022-0392HIGHCVSS 7.8v10.02022-01-28
CVE-2022-0392 [HIGH] CWE-122 CVE-2022-0392: Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
nvd
CVE-2022-23098HIGHCVSS 7.5v9.0v11.02022-01-28
CVE-2022-23098 [HIGH] CWE-835 CVE-2022-23098: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementatio
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
nvd