Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-25 | CVE-2023-31130 | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed... | C\-Ares, Debian_linux, Fedora | 6.4 | ||
| 2023-05-25 | CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | C\-Ares, Debian_linux, Fedora | 7.5 | ||
| 2023-07-24 | CVE-2023-20593 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | Athlon_gold_7220u_firmware, Epyc_7232p_firmware, Epyc_7252_firmware, Epyc_7262_firmware, Epyc_7272_firmware, Epyc_7282_firmware, Epyc_7302_firmware, Epyc_7302p_firmware, Epyc_7352_firmware, Epyc_7402_firmware, Epyc_7402p_firmware, Epyc_7452_firmware, Epyc_7502_firmware, Epyc_7502p_firmware, Epyc_7532_firmware, Epyc_7542_firmware, Epyc_7552_firmware, Epyc_7642_firmware, Epyc_7662_firmware, Epyc_7702_firmware, Epyc_7702p_firmware, Epyc_7742_firmware, Epyc_7f32_firmware, Epyc_7f52_firmware, Epyc_7f72_firmware, Epyc_7h12_firmware, Ryzen_3_3100_firmware, Ryzen_3_3300x_firmware, Ryzen_3_4300g_firmware, Ryzen_3_4300ge_firmware, Ryzen_3_5300u_firmware, Ryzen_3_7320u_firmware, Ryzen_3_pro_4200g_firmware, Ryzen_3_pro_4350g_firmware, Ryzen_3_pro_4350ge_firmware, Ryzen_3_pro_4450u_firmware, Ryzen_5_3500_firmware, Ryzen_5_3500x_firmware, Ryzen_5_3600_firmware, Ryzen_5_3600x_firmware, Ryzen_5_3600xt_firmware, Ryzen_5_4600g_firmware, Ryzen_5_4600ge_firmware, Ryzen_5_5500u_firmware, Ryzen_5_7520u_firmware, Ryzen_5_pro_4400g_firmware, Ryzen_5_pro_4650g_firmware, Ryzen_5_pro_4650ge_firmware, Ryzen_7_3700x_firmware, Ryzen_7_3800x_firmware, Ryzen_7_3800xt_firmware, Ryzen_7_4700g_firmware, Ryzen_7_4700ge_firmware, Ryzen_7_5700u_firmware, Ryzen_7_pro_4750g_firmware, Ryzen_7_pro_4750ge_firmware, Ryzen_7_pro_4750u_firmware, Ryzen_9_3900_firmware, Ryzen_9_3900x_firmware, Ryzen_9_3900xt_firmware, Ryzen_9_3950x_firmware, Ryzen_9_pro_3900_firmware, Ryzen_threadripper_3960x_firmware, Ryzen_threadripper_3970x_firmware, Ryzen_threadripper_3990x_firmware, Ryzen_threadripper_pro_3945wx_firmware, Ryzen_threadripper_pro_3955wx_firmware, Ryzen_threadripper_pro_3975wx_firmware, Ryzen_threadripper_pro_3995wx_firmware, Debian_linux, Xen | 5.5 | ||
| 2023-08-08 | CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_gold_pro_3150g_firmware, Athlon_gold_pro_3150ge_firmware, Athlon_pro_300ge_firmware, Athlon_silver_3050ge_firmware, Athlon_silver_pro_3125ge_firmware, Epyc_7251_firmware, Epyc_7261_firmware, Epyc_7281_firmware, Epyc_7301_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7451_firmware, Epyc_7501_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7571_firmware, Epyc_7601_firmware, Ryzen_3_3200g_firmware, Ryzen_3_3200ge_firmware, Ryzen_3_pro_3200g_firmware, Ryzen_3_pro_3200ge_firmware, Ryzen_5_3400g_firmware, Ryzen_5_pro_3350g_firmware, Ryzen_5_pro_3350ge_firmware, Ryzen_5_pro_3400g_firmware, Ryzen_5_pro_3400ge_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022_23h2, Xen | 5.5 | ||
| 2023-09-25 | CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | Debian_linux, Mediawiki | 7.3 | ||
| 2023-12-21 | CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Debian_linux, Fedora, Chrome | 8.8 | ||
| 2019-11-04 | CVE-2019-18683 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(),... | Fabric_operating_system, Ubuntu_linux, Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Element_software, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 7.0 | ||
| 2015-03-16 | CVE-2014-8159 | The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. | Ubuntu_linux, Debian_linux, Linux_kernel | N/A | ||
| 2021-05-26 | CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | Debian_linux, Fedora, Linux_kernel, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Solidfire_baseboard_management_controller_firmware | 7.8 | ||
| 2015-07-06 | CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. | Ubuntu_linux, Debian_linux, Haproxy, Openstack_cloud, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_high_availability_extension | N/A |