Filtered by vendor Debian
Subscribe
Total
10139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32292 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-11-21 | N/A | 9.8 CRITICAL |
| In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | |||||
| CVE-2022-32278 | 2 Debian, Xfce | 2 Debian Linux, Exo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |||||
| CVE-2022-32250 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | |||||
| CVE-2022-32215 | 6 Debian, Fedoraproject, Llhttp and 3 more | 6 Debian Linux, Fedora, Llhttp and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-32214 | 4 Debian, Llhttp, Nodejs and 1 more | 4 Debian Linux, Llhttp, Node.js and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-32213 | 6 Debian, Fedoraproject, Llhttp and 3 more | 6 Debian Linux, Fedora, Llhttp and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | |||||
| CVE-2022-32212 | 4 Debian, Fedoraproject, Nodejs and 1 more | 4 Debian Linux, Fedora, Node.js and 1 more | 2024-11-21 | N/A | 8.1 HIGH |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | |||||
| CVE-2022-32091 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | |||||
| CVE-2022-32088 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | |||||
| CVE-2022-32087 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | |||||
| CVE-2022-32085 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | |||||
| CVE-2022-32084 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | |||||
| CVE-2022-32083 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | |||||
| CVE-2022-31799 | 3 Bottlepy, Debian, Fedoraproject | 3 Bottle, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bottle before 0.12.20 mishandles errors during early request binding. | |||||
| CVE-2022-31780 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-31779 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-31778 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. | |||||
| CVE-2022-31676 | 6 Debian, Fedoraproject, Linux and 3 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | |||||
| CVE-2022-31628 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2024-11-21 | N/A | 2.3 LOW |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | |||||
| CVE-2022-31626 | 2 Debian, Php | 2 Debian Linux, Php | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | |||||