Search Results

Search Parameters:
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3,938 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2022-24958

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

Published: February 11, 2022; 1:15:06 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Published: February 10, 2022; 8:15:07 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Published: February 10, 2022; 8:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2022-0554

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

Published: February 10, 2022; 5:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-0534

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

Published: February 09, 2022; 6:15:16 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-21712

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Published: February 07, 2022; 5:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23947

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Published: February 04, 2022; 6:15:15 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-23946

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Published: February 04, 2022; 6:15:15 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-0487

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

Published: February 04, 2022; 6:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.

Published: February 04, 2022; 4:15:08 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-24448

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Published: February 04, 2022; 3:15:08 PM -0500
V3.1: 3.3 LOW
V2.0: 1.9 LOW
CVE-2022-0443

Use After Free in GitHub repository vim/vim prior to 8.2.

Published: February 02, 2022; 4:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-21724

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

Published: February 02, 2022; 7:15:08 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-0417

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Published: February 01, 2022; 8:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Published: February 01, 2022; 7:15:08 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23607

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.

Published: February 01, 2022; 6:15:11 AM -0500
V3.1: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Published: January 31, 2022; 3:15:07 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 5.8 MEDIUM
CVE-2022-24130

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

Published: January 31, 2022; 12:15:08 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.6 LOW
CVE-2022-0413

Use After Free in GitHub repository vim/vim prior to 8.2.

Published: January 30, 2022; 10:15:07 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-0408

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Published: January 30, 2022; 10:15:07 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM