Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs

9,911

CISA KEV

119

actively exploited

Public exploits

429

Exploited in wild

132

Severity breakdown

CRITICAL1128HIGH4110MEDIUM4311LOW362

Vulnerabilities

Page 130 of 496

CVE-2021-37529MEDIUMCVSS 5.5v9.0v10.0+1 more2022-01-12

CVE-2021-37529 [MEDIUM] CWE-415 CVE-2021-37529: A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream func A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

nvd

CVE-2022-22823CRITICALCVSS 9.8v10.0v11.02022-01-10

CVE-2022-22823 [CRITICAL] CWE-190 CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2021-42392CRITICALCVSS 9.8v9.0v10.0+1 more2022-01-10

CVE-2021-42392 [CRITICAL] CWE-502 CVE-2021-42392: The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console whic

nvd

CVE-2022-22817CRITICALCVSS 9.8v9.0v10.0+1 more2022-01-10

CVE-2022-22817 [CRITICAL] CVE-2022-22817: PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones t PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

nvd

CVE-2022-22822CRITICALCVSS 9.8v10.0v11.02022-01-10

CVE-2022-22822 [CRITICAL] CWE-190 CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2022-22824CRITICALCVSS 9.8v10.0v11.02022-01-10

CVE-2022-22824 [CRITICAL] CWE-190 CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2021-36409HIGHCVSS 7.8v10.0v11.02022-01-10

CVE-2021-36409 [HIGH] CWE-617 CVE-2021-36409: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

nvd

CVE-2022-22826HIGHCVSS 8.8v10.0v11.02022-01-10

CVE-2022-22826 [HIGH] CWE-190 CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2020-29050HIGHCVSS 7.5v9.02022-01-10

CVE-2020-29050 [HIGH] CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

nvd

CVE-2022-22825HIGHCVSS 8.8v10.0v11.02022-01-10

CVE-2022-22825 [HIGH] CWE-190 CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2021-43579HIGHCVSS 7.8PoCv9.02022-01-10

CVE-2021-43579 [HIGH] CWE-787 CVE-2021-43579: A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execut A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

nvd

CVE-2022-22827HIGHCVSS 8.8v10.0v11.02022-01-10

CVE-2022-22827 [HIGH] CWE-190 CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nvd

CVE-2021-35452MEDIUMCVSS 6.5v10.02022-01-10

CVE-2021-35452 [MEDIUM] CWE-125 CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

nvd

CVE-2021-36410MEDIUMCVSS 5.5v10.0v11.02022-01-10

CVE-2021-36410 [MEDIUM] CWE-787 CVE-2021-36410: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fal A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

nvd

CVE-2022-22816MEDIUMCVSS 6.5v9.0v10.0+1 more2022-01-10

CVE-2022-22816 [MEDIUM] CWE-125 CVE-2022-22816: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImageP path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

nvd

CVE-2022-22815MEDIUMCVSS 6.5v9.0v10.0+1 more2022-01-10

CVE-2022-22815 [MEDIUM] CWE-665 CVE-2022-22815: path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

nvd

CVE-2022-22844MEDIUMCVSS 5.5v9.0v10.0+1 more2022-01-10

CVE-2022-22844 [MEDIUM] CWE-125 CVE-2022-22844: LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

nvd

CVE-2021-36411MEDIUMCVSS 5.5v10.0v11.02022-01-10

CVE-2021-36411 [MEDIUM] CWE-125 CVE-2021-36411: An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.

nvd

CVE-2021-36408MEDIUMCVSS 5.5v10.0v11.02022-01-10

CVE-2021-36408 [MEDIUM] CWE-416 CVE-2021-36408: An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decodi An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

nvd

CVE-2022-21663HIGHCVSS 7.2v9.0v10.0+1 more2022-01-06

CVE-2022-21663 [HIGH] CWE-74 CVE-2022-21663: WordPress is a free and open-source content management system written in PHP and paired with a Maria WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security rel

nvd

← Previous130 / 496Next →