Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 818 matching records.
Displaying matches 1 through 20.
Vuln ID | Summary | CVSS Severity
CVE-2022-48281

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Published: January 22, 2023; 10:15:09 PM -0500
V3.1: 5.5 MEDIUM
V2.0: (not available)
CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Published: January 18, 2023; 12:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: (not available)
CVE-2022-47929

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

Published: January 17, 2023; 4:15:14 PM -0500
V3.1: 5.5 MEDIUM
V2.0: (not available)
CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

Published: January 13, 2023; 8:15:15 PM -0500
V3.1: 6.5 MEDIUM
V2.0: (not available)
CVE-2023-23455

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Published: January 12, 2023; 2:15:09 AM -0500
V3.1: 5.5 MEDIUM
V2.0: (not available)
CVE-2023-23454

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Published: January 12, 2023; 2:15:08 AM -0500
V3.1: 5.5 MEDIUM
V2.0: (not available)
CVE-2022-4338

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Published: January 10, 2023; 5:15:14 PM -0500
V3.1: 9.8 CRITICAL
V2.0: (not available)
CVE-2022-4337

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

Published: January 10, 2023; 5:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: (not available)
CVE-2022-46877

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.

Published: December 22, 2022; 3:15:46 PM -0500
V3.1: 4.3 MEDIUM
V2.0: (not available)
CVE-2022-46871

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

Published: December 22, 2022; 3:15:45 PM -0500
V3.1: 8.8 HIGH
V2.0: (not available)
CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

Published: December 20, 2022; 6:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: (not available)
CVE-2022-45693

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Published: December 13, 2022; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: (not available)
CVE-2022-45685

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

Published: December 13, 2022; 10:15:11 AM -0500
V3.1: 7.5 HIGH
V2.0: (not available)
CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

Published: December 06, 2022; 11:15:11 AM -0500
V3.1: 7.8 HIGH
V2.0: (not available)
CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

Published: December 03, 2022; 10:15:09 AM -0500
V3.1: 6.5 MEDIUM
V2.0: (not available)
CVE-2022-45934

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Published: November 26, 2022; 11:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: (not available)
CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Published: November 23, 2022; 4:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: (not available)
CVE-2022-44641

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

Published: November 18, 2022; 4:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: (not available)
CVE-2022-41916

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Published: November 15, 2022; 6:15:27 PM -0500
V3.1: 7.5 HIGH
V2.0: (not available)
CVE-2022-3890

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: November 08, 2022; 11:15:10 PM -0500
V3.1: 9.6 CRITICAL
V2.0: (not available)