Filtered by vendor Debian
Subscribe
Total
9501 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25683 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2025-11-04 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25682 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2025-11-04 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25681 | 3 Debian, Fedoraproject, Thekelleys | 3 Debian Linux, Fedora, Dnsmasq | 2025-11-04 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2024-31309 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2025-11-04 | N/A | 7.5 HIGH |
| HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue. | |||||
| CVE-2024-28219 | 2 Debian, Python | 2 Debian Linux, Pillow | 2025-11-04 | N/A | 6.7 MEDIUM |
| In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | |||||
| CVE-2024-28182 | 3 Debian, Fedoraproject, Nghttp2 | 3 Debian Linux, Fedora, Nghttp2 | 2025-11-04 | N/A | 5.3 MEDIUM |
| nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. | |||||
| CVE-2024-28085 | 2 Debian, Kernel | 2 Debian Linux, Util-linux | 2025-11-04 | N/A | 3.3 LOW |
| wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. | |||||
| CVE-2024-26817 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. | |||||
| CVE-2024-25082 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-11-04 | N/A | 6.5 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. | |||||
| CVE-2024-25081 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-11-04 | N/A | 4.2 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted filenames. | |||||
| CVE-2023-6536 | 3 Debian, Linux, Redhat | 17 Debian Linux, Linux Kernel, Codeready Linux Builder Eus and 14 more | 2025-11-04 | N/A | 6.5 MEDIUM |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | |||||
| CVE-2023-6356 | 3 Debian, Linux, Redhat | 17 Debian Linux, Linux Kernel, Codeready Linux Builder Eus and 14 more | 2025-11-04 | N/A | 6.5 MEDIUM |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | |||||
| CVE-2023-5388 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-11-04 | N/A | 6.5 MEDIUM |
| NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2023-52160 | 6 Debian, Fedoraproject, Google and 3 more | 7 Debian Linux, Fedora, Android and 4 more | 2025-11-04 | N/A | 6.5 MEDIUM |
| The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | |||||
| CVE-2023-51766 | 3 Debian, Exim, Fedoraproject | 4 Debian Linux, Exim, Extra Packages For Enterprise Linux and 1 more | 2025-11-04 | N/A | 5.3 MEDIUM |
| Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. | |||||
| CVE-2023-46838 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2025-11-04 | N/A | 7.5 HIGH |
| Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. | |||||
| CVE-2023-38745 | 2 Debian, Pandoc | 2 Debian Linux, Pandoc | 2025-11-04 | N/A | 6.3 MEDIUM |
| Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). | |||||
| CVE-2021-42260 | 2 Debian, Tinyxml Project | 2 Debian Linux, Tinyxml | 2025-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | |||||
| CVE-2018-1311 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Xerces-c\+\+, Debian Linux, Fedora and 7 more | 2025-11-04 | 6.8 MEDIUM | 8.1 HIGH |
| The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. | |||||
| CVE-2025-37792 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer vs NULL bug, followed by a NULL pointer dereference. This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR' | |||||