Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-02 | CVE-2022-43252 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | Debian_linux, Libde265 | 6.5 | ||
| 2022-11-02 | CVE-2022-43253 | Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | Debian_linux, Libde265 | 6.5 | ||
| 2022-11-03 | CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | Debian_linux, Fedora, Pixman | 8.8 | ||
| 2022-11-04 | CVE-2021-34055 | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. | Debian_linux, Jhead | 7.8 | ||
| 2022-11-06 | CVE-2022-40284 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-11-09 | CVE-2022-45060 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | Debian_linux, Fedora, Varnish_cache, Varnish_cache_plus, Varnish_cache | 7.5 | ||
| 2022-11-09 | CVE-2022-45062 | In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | Debian_linux, Fedora, Xfce4\-Settings | 9.8 | ||
| 2022-11-18 | CVE-2022-44641 | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | Debian_linux, Lava | 6.5 | ||
| 2022-11-26 | CVE-2022-24999 | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4... | Debian_linux, Express, Qs | 7.5 | ||
| 2022-11-27 | CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | Debian_linux, Fedora, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.8 |