Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 10211 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43592 2 Debian, Openimageio 2 Debian Linux, Openimageio 2026-06-17 N/A 5.9 MEDIUM
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
CVE-2022-43548 2 Debian, Nodejs 2 Debian Linux, Node.js 2026-06-17 N/A 8.1 HIGH
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
CVE-2022-43253 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43252 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43250 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43249 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43248 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43245 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43244 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43243 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43242 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43241 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43240 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43239 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43238 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43237 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43236 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-43235 2 Debian, Struktur 2 Debian Linux, Libde265 2026-06-17 N/A 6.5 MEDIUM
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
CVE-2022-42906 2 Debian, Powerline Gitstatus Project 2 Debian Linux, Powerline Gitstatus 2026-06-17 N/A 7.8 HIGH
powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.
CVE-2022-42902 2 Debian, Linaro 2 Debian Linux, Lava 2026-06-17 N/A 8.8 HIGH
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.