U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3,599 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-1720

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

Published: June 20, 2022; 11:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-2126

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Published: June 19, 2022; 9:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-2124

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Published: June 19, 2022; 6:15:09 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-21166

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: June 15, 2022; 5:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-21125

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: June 15, 2022; 4:15:17 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-21123

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: June 15, 2022; 4:15:17 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-32278

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

Published: June 13, 2022; 6:15:08 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-32250

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Published: June 02, 2022; 5:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding.

Published: June 02, 2022; 10:15:58 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-26491

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.

Published: June 02, 2022; 10:15:40 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-1968

Use After Free in GitHub repository vim/vim prior to 8.2.

Published: June 02, 2022; 10:15:34 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-26691

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

Published: May 26, 2022; 2:15:09 PM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

Published: May 26, 2022; 12:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-30784

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

Published: May 26, 2022; 12:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1664

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.

Published: May 26, 2022; 10:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.

Published: May 24, 2022; 11:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

Published: May 17, 2022; 3:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1621

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Published: May 10, 2022; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Published: May 09, 2022; 2:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.

Published: May 09, 2022; 1:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM