Debian: >> Debian Linux >> 10.0 Security Vulnerabilities
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.8
EPSS Score
0.007
Published
2022-02-04
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-02-04
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-02-04
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-02-04
Use After Free in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.002
Published
2022-02-02
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
7.0
EPSS Score
0.048
Published
2022-02-02
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-02-02
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-02-02
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.001
Published
2022-02-01
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-01