Filtered by vendor Debian Subscriptions
Total 9298 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 8 Debian Linux, Fedora, Leap and 5 more 2025-07-09 7.5 High
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2023-39417 3 Debian, Postgresql, Redhat 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more 2025-07-09 7.5 High
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
CVE-2023-6816 4 Debian, Fedoraproject, Redhat and 1 more 12 Debian Linux, Fedora, Enterprise Linux and 9 more 2025-07-09 9.8 Critical
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2023-6478 4 Debian, Redhat, Tigervnc and 1 more 10 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 7 more 2025-07-09 7.6 High
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVE-2023-6377 4 Debian, Redhat, Tigervnc and 1 more 10 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 7 more 2025-07-09 7.8 High
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-5367 4 Debian, Fedoraproject, Redhat and 1 more 16 Debian Linux, Fedora, Enterprise Linux and 13 more 2025-07-09 7.8 High
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2019-16869 4 Canonical, Debian, Netty and 1 more 14 Ubuntu Linux, Debian Linux, Netty and 11 more 2025-07-07 7.5 High
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CVE-2020-15598 2 Debian, Owasp 2 Debian Linux, Modsecurity 2025-07-03 7.5 High
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit
CVE-2021-42717 5 Debian, F5, Oracle and 2 more 6 Debian Linux, Nginx Modsecurity Waf, Http Server and 3 more 2025-07-03 7.5 High
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
CVE-2022-48279 4 Debian, Owasp, Redhat and 1 more 4 Debian Linux, Modsecurity, Jboss Core Services and 1 more 2025-07-03 7.5 High
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.
CVE-2023-4358 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-07-03 8.8 High
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-37050 2 Debian, Freedesktop 2 Debian Linux, Poppler 2025-07-02 6.5 Medium
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVE-2019-20444 5 Canonical, Debian, Fedoraproject and 2 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2025-07-01 9.1 Critical
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2023-4428 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-07-01 8.1 High
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2025-3891 3 Apache, Debian, Redhat 7 Http Server, Debian Linux, Enterprise Linux and 4 more 2025-07-01 7.5 High
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
CVE-2023-38709 7 Apache, Apple, Broadcom and 4 more 9 Http Server, Macos, Fabric Operating System and 6 more 2025-06-30 7.3 High
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2024-24795 7 Apache, Apple, Broadcom and 4 more 8 Http Server, Macos, Fabric Operating System and 5 more 2025-06-30 6.3 Medium
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
CVE-2024-1936 3 Debian, Mozilla, Redhat 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more 2025-06-30 7.5 High
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
CVE-2024-28130 2 Debian, Offis 2 Debian Linux, Dcmtk 2025-06-27 7.5 High
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-28463 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-06-25 7.8 High
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.