Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1810 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1667 | 4 Debian, Fedoraproject, Libssh and 1 more | 4 Debian Linux, Fedora, Libssh and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | |||||
| CVE-2023-1380 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2024-11-21 | N/A | 7.1 HIGH |
| A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | |||||
| CVE-2023-1077 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, 8300 and 19 more | 2024-11-21 | N/A | 7.0 HIGH |
| In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. | |||||
| CVE-2023-0770 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | |||||
| CVE-2023-0458 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | |||||
| CVE-2023-0330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | |||||
| CVE-2022-4907 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4338 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2024-11-21 | N/A | 9.8 CRITICAL |
| An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2022-4337 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2024-11-21 | N/A | 9.8 CRITICAL |
| An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2022-48566 | 3 Debian, Netapp, Python | 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | |||||
| CVE-2022-48565 | 2 Debian, Python | 2 Debian Linux, Python | 2024-11-21 | N/A | 9.8 CRITICAL |
| An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | |||||
| CVE-2022-48560 | 2 Debian, Python | 2 Debian Linux, Python | 2024-11-21 | N/A | 7.5 HIGH |
| A use-after-free exists in Python through 3.9 via heappushpop in heapq. | |||||
| CVE-2022-48554 | 2 Debian, File Project | 2 Debian Linux, File | 2024-11-21 | N/A | 5.5 MEDIUM |
| File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | |||||
| CVE-2022-46344 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | |||||
| CVE-2022-46329 | 3 Debian, Fedoraproject, Intel | 6 Debian Linux, Fedora, Killer and 3 more | 2024-11-21 | N/A | 8.2 HIGH |
| Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2024-11-21 | N/A | 7.8 HIGH |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2022-45934 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | |||||
| CVE-2022-45442 | 2 Debian, Sinatrarb | 2 Debian Linux, Sinatra | 2024-11-21 | N/A | 8.8 HIGH |
| Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | |||||
| CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2024-11-21 | N/A | 7.8 HIGH |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | |||||