Filtered by vendor Debian
Subscribe
Total
10211 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48627 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew. | |||||
| CVE-2022-48566 | 3 Debian, Netapp, Python | 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more | 2026-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | |||||
| CVE-2022-48565 | 2 Debian, Python | 2 Debian Linux, Python | 2026-06-17 | N/A | 9.8 CRITICAL |
| An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | |||||
| CVE-2022-48560 | 2 Debian, Python | 2 Debian Linux, Python | 2026-06-17 | N/A | 7.5 HIGH |
| A use-after-free exists in Python through 3.9 via heappushpop in heapq. | |||||
| CVE-2022-48554 | 2 Debian, File Project | 2 Debian Linux, File | 2026-06-17 | N/A | 5.5 MEDIUM |
| File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | |||||
| CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2026-06-17 | N/A | 9.8 CRITICAL |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2022-48281 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2026-06-17 | N/A | 5.5 MEDIUM |
| processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | |||||
| CVE-2022-48279 | 3 Debian, Owasp, Trustwave | 3 Debian Linux, Modsecurity, Modsecurity | 2026-06-17 | N/A | 7.5 HIGH |
| In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. | |||||
| CVE-2022-48174 | 2 Busybox, Debian | 2 Busybox, Debian Linux | 2026-06-17 | N/A | 9.8 CRITICAL |
| There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | |||||
| CVE-2022-47951 | 2 Debian, Openstack | 4 Debian Linux, Cinder, Glance and 1 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. | |||||
| CVE-2022-47950 | 2 Debian, Openstack | 2 Debian Linux, Swift | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | |||||
| CVE-2022-47929 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. | |||||
| CVE-2022-47655 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2026-06-17 | N/A | 7.8 HIGH |
| Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> | |||||
| CVE-2022-47629 | 2 Debian, Gnupg | 2 Debian Linux, Libksba | 2026-06-17 | N/A | 9.8 CRITICAL |
| Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | |||||
| CVE-2022-47521 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. | |||||
| CVE-2022-47520 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2026-06-17 | N/A | 7.1 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. | |||||
| CVE-2022-47519 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. | |||||
| CVE-2022-47518 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. | |||||
| CVE-2022-47318 | 3 Debian, Fedoraproject, Ruby-git Project | 3 Debian Linux, Fedora, Ruby-git | 2026-06-17 | N/A | 8.0 HIGH |
| ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. | |||||
| CVE-2022-47184 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2026-06-17 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. | |||||
