Debian Security Vulnerabilities (CVEs)

CVE-2022-0943 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2.4563. Attackers can exploit this by tricking user...

This vulnerability in fish shell versions 3.1.0-3.3.1 allows arbitrary code execution when users navigate to directories containing malicious git conf...

CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from ran...

CVE-2022-24754 is a stack-buffer overflow vulnerability in PJSIP multimedia communication library that affects users accepting hashed digest credentia...

This vulnerability in libtiff allows an attacker to cause denial of service by passing a null pointer to memcpy() when processing specially crafted TI...

CVE-2020-36518 is a denial-of-service vulnerability in Jackson Databind where processing deeply nested JSON objects causes a Java StackOverflowError, ...

Multiple race condition vulnerabilities in Linux PV device frontends allow malicious Xen backends to maintain unauthorized access to guest memory page...

This CVE (CVE-2022-23038) is part of a series of vulnerabilities affecting Linux PV device frontends in Xen virtualization. It allows malicious or com...

Multiple race condition vulnerabilities in Linux PV device frontends allow malicious Xen backends to maintain unauthorized access to guest memory page...

CVE-2022-23042 is a race condition vulnerability in Linux Xen PV netfront driver where a malicious backend can trigger a BUG_ON() assertion failure, c...

This vulnerability allows remote authenticated editors in SPIP content management systems to execute arbitrary code on the server. It affects SPIP ins...

This CVE describes an XML Entity Expansion (XEE) vulnerability in Tryton Application Platform that allows unauthenticated attackers to send crafted XM...

A local privilege escalation vulnerability in the KVM subsystem for s390 architecture in Linux kernel allows a local attacker with normal user privile...

CVE-2022-0204 is a heap overflow vulnerability in BlueZ Bluetooth stack versions before 5.63. An attacker on the local network can send specially craf...

CVE-2022-24713 is a vulnerability in the Rust regex crate where built-in mitigations against regex-based denial of service attacks can be bypassed. Th...

CVE-2022-26505 is a DNS rebinding vulnerability in ReadyMedia (formerly MiniDLNA) that allows a malicious web server to bypass same-origin policy and ...

This CVE describes a buffer overflow vulnerability in the Linux kernel's NFC driver (st21nfca). Attackers can exploit this by sending specially crafte...

This vulnerability in Go's regexp.Compile function allows attackers to cause a denial of service via stack exhaustion by providing a deeply nested reg...

This CVE describes a use-after-free vulnerability in the Linux kernel's Bluetooth HCI subsystem. A privileged local attacker can trigger a race condit...

CVE-2022-21716 is a memory exhaustion vulnerability in Twisted's SSH client and server implementations. Attackers can send unlimited data during SSH v...

CVE-2022-0492 is a Linux kernel vulnerability in the cgroups v1 release_agent feature that allows local attackers to escalate privileges and escape co...

This vulnerability in containerd allows containers with specially-crafted image configurations to access read-only copies of arbitrary host files and ...

CVE-2022-0711 is a denial-of-service vulnerability in HAProxy where specially crafted HTTP responses containing Set-Cookie2 headers can trigger an inf...

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or caus...

This CVE describes a prototype pollution vulnerability in Node.js's console.table() function when user-controlled input is passed to the 'properties' ...

CVE-2022-0545 is an integer overflow vulnerability in Blender's 2D image processing that allows attackers to achieve arbitrary code execution or infor...

CVE-2022-25636 is a heap out-of-bounds write vulnerability in the Linux kernel's netfilter component that allows local users to escalate privileges to...

CVE-2022-24407 is a SQL injection vulnerability in Cyrus SASL authentication library. It allows attackers to inject arbitrary SQL commands via unescap...

CVE-2019-25058 is a privilege escalation vulnerability in USBGuard versions before 1.1.0 where the usbguard-dbus daemon allows unprivileged users to m...

CVE-2022-0729 is a use-after-free vulnerability in Vim's memory handling that allows an attacker to execute arbitrary code by tricking a user into ope...

This CVE describes a use-after-free vulnerability in PJSIP library versions up to 2.11.1 that occurs in dialog set scenarios. When multiple UAC dialog...

CVE-2022-0685 is a memory corruption vulnerability in Vim text editor caused by an out-of-range pointer offset. Attackers can exploit this by tricking...

This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attacker...

CVE-2020-25717 is a privilege escalation vulnerability in Samba's domain user mapping mechanism. Authenticated attackers can exploit this flaw to gain...

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass Kerberos authentication by exploiting confusion about user...

CVE-2022-25314 is an integer overflow vulnerability in Expat's copyString function that can lead to heap buffer overflow. This allows attackers to pot...

CVE-2021-44730 is a privilege escalation vulnerability in snapd where improper validation of the snap-confine binary location allows local attackers t...

CVE-2022-0629 is a stack-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code...