Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 87 of 496
CVE-2022-23515 | MEDIUM | CVSS 6.1 | v10.0 | 2022-12-14
CWE-79: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Source: nvd
CVE-2022-23527 | MEDIUM | CVSS 6.1 | v10.0 | 2022-12-14
CWE-601: mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open r
Source: nvd
CVE-2022-23518 | MEDIUM | CVSS 6.1 | v10.0 | 2022-12-14
CWE-79: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, = 2.1.0. This issue is patched in version 1.4.4.
Source: nvd
CVE-2022-45685 | HIGH | CVSS 7.5 | v10.0, v11.0 | 2022-12-13
CWE-787: A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
Source: nvd
CVE-2022-45693 | HIGH | CVSS 7.5 | v10.0, v11.0 | 2022-12-13
CWE-787: Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Source: nvd
CVE-2022-41915 | MEDIUM | CVSS 6.5 | v10.0, v11.0 | 2022-12-13
CWE-113: Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has bee
Source: nvd
CVE-2022-41881 | HIGH | CVSS 7.5 | v10.0, v11.0 | 2022-12-12
CWE-674: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
Source: nvd
CVE-2022-23484 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-190: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an integer overflow in the xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23480 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-120: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23481 | CRITICAL | CVSS 9.1 | v11.0 | 2022-12-09
CWE-125: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23493 | CRITICAL | CVSS 9.1 | v11.0 | 2022-12-09
CWE-125: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23477 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-120: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23483 | CRITICAL | CVSS 9.1 | v11.0 | 2022-12-09
CWE-125: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23482 | CRITICAL | CVSS 9.1 | v11.0 | 2022-12-09
CWE-125: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23479 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-120: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23478 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-787: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-23468 | CRITICAL | CVSS 9.8 | v11.0 | 2022-12-09
CWE-120: xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
Source: nvd
CVE-2022-3643 | MEDIUM | CVSS 6.5 | v10.0 | 2022-12-07
CWE-74: Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear s
Source: nvd
CVE-2022-42329 | MEDIUM | CVSS 5.5 | v10.0 | 2022-12-07
Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Addi
Source: nvd
CVE-2022-42328 | MEDIUM | CVSS 5.5 | v10.0 | 2022-12-07
CWE-667: Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-4232
Source: nvd