U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,756 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

Published: September 19, 2022; 5:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-28201

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

Published: September 19, 2022; 5:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Published: September 14, 2022; 7:15:54 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2020-35533

In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

Published: September 01, 2022; 2:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2020-35532

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

Published: September 01, 2022; 2:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2020-35531

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

Published: September 01, 2022; 2:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2020-35530

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

Published: September 01, 2022; 2:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-2132

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

Published: August 31, 2022; 12:15:10 PM -0400
V3.1: 8.6 HIGH
V2.0:(not available)
CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Published: August 31, 2022; 12:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-1204

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Published: August 29, 2022; 11:15:10 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

Published: August 29, 2022; 11:15:09 AM -0400
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2022-2787

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

Published: August 27, 2022; 8:15:08 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2021-3864

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.

Published: August 26, 2022; 12:15:09 PM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Published: August 26, 2022; 12:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2021-3669

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Published: August 26, 2022; 12:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Published: August 26, 2022; 12:15:08 PM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Published: August 24, 2022; 12:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-4213

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

Published: August 24, 2022; 12:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Published: August 24, 2022; 12:15:09 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Published: August 24, 2022; 12:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)