Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 128 of 496
CVE-2022-23035 | MEDIUM | CVSS 4.6 | CWE-459 | affected versions: 11.0 | published 2022-01-25 | source: nvd
Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be

CVE-2022-23852 | CRITICAL | CVSS 9.8 | CWE-190 | affected versions: 9.0 | published 2022-01-24 | source: nvd
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2021-23518 | CRITICAL | CVSS 9.8 | CWE-1321 | affected versions: 10.0 | published 2022-01-21 | source: nvd
The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__,

CVE-2022-0318 | CRITICAL | CVSS 9.8 | CWE-122 | affected versions: 10.0 | published 2022-01-21 | source: nvd
Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-23837 | HIGH | CVSS 7.5 | CWE-770 | affected versions: 9.0 | published 2022-01-21 | source: nvd
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

CVE-2021-45417 | HIGH | CVSS 7.8 | CWE-787 | affected versions: 9.0, 10.0, +1 more | published 2022-01-20 | source: nvd
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

CVE-2022-23221 | CRITICAL | CVSS 9.8 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

CVE-2021-33912 | CRITICAL | CVSS 9.8 | CWE-787 | affected versions: 9.0 | published 2022-01-19 | source: nvd
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply

CVE-2022-21699 | HIGH | CVSS 8.8 | CWE-250 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as

CVE-2022-21283 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to

CVE-2022-21365 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple

CVE-2022-21282 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro

CVE-2022-21305 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple

CVE-2021-23225 | MEDIUM | CVSS 5.4 | CWE-79 | affected versions: 9.0 | published 2022-01-19 | source: nvd
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

CVE-2022-21340 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl

CVE-2022-21291 | MEDIUM | CVSS 5.3 | affected versions: 10.0, 11.0 | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple

CVE-2022-21296 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro

CVE-2022-21293 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl

CVE-2022-21366 | MEDIUM | CVSS 5.3 | affected versions: 10.0, 11.0 | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to c

CVE-2022-21360 | MEDIUM | CVSS 5.3 | affected versions: 9.0, 10.0, +1 more | published 2022-01-19 | source: nvd
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple