Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-11 | CVE-2022-20422 | In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel | Debian_linux, Android | 7.0 | ||
| 2022-11-30 | CVE-2022-46338 | g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | Debian_linux, G810\-Led | 6.5 | ||
| 2022-12-22 | CVE-2022-41649 | A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | Debian_linux, Openimageio | 9.1 | ||
| 2022-12-22 | CVE-2022-41794 | A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | Debian_linux, Openimageio | 9.8 | ||
| 2022-12-22 | CVE-2022-41837 | An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | Debian_linux, Openimageio | 9.8 | ||
| 2017-11-03 | CVE-2017-16516 | In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. | Debian_linux, Yajl\-Ruby | 7.5 | ||
| 2019-12-03 | CVE-2019-19527 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | Debian_linux, Linux_kernel, Leap | 6.8 | ||
| 2021-07-21 | CVE-2021-2369 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.... | Debian_linux, Graalvm, Java_se, Jdk | 4.3 | ||
| 2018-07-25 | CVE-2018-1002200 | plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | Plexus\-Archiver, Debian_linux, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation | 5.5 | ||
| 2022-05-12 | CVE-2022-1650 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | Debian_linux, Eventsource | 9.3 |