Search

Find a vulnerability

Search criteria

    800 vulnerabilities

    CVE-2026-11853 (GCVE-0-2026-11853)

    Vulnerability from cvelistv5 – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:50
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.12.0 , < 0.14.9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11853",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:49:26.303190Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:50:09.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.9",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.9",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:23.194Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11853",
        "datePublished": "2026-06-10T09:10:30.301Z",
        "dateReserved": "2026-06-10T08:25:48.992Z",
        "dateUpdated": "2026-06-10T18:50:09.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11852 (GCVE-0-2026-11852)

    Vulnerability from cvelistv5 – Published: 2026-06-10 09:10 – Updated: 2026-06-10 18:51
    VLAI
    Summary
    Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Debian debusine Affected: 0.2.0 , < 0.14.6 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:51:52.457963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:51:58.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "debusine",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0.14.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
                }
              ],
              "value": "Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T09:12:30.625Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836"
            },
            {
              "url": "https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-11852",
        "datePublished": "2026-06-10T09:10:21.401Z",
        "dateReserved": "2026-06-10T08:25:35.480Z",
        "dateUpdated": "2026-06-10T18:51:58.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2219 (GCVE-0-2026-2219)

    Vulnerability from cvelistv5 – Published: 2026-03-07 08:10 – Updated: 2026-03-09 14:52
    VLAI
    Summary
    It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Debian dpkg Affected: 1.21.18 , < 1.23.6 (semver)
    Create a notification for this product.
    Credits
    Yashashree Gund
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T14:52:13.047553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-835",
                    "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T14:52:18.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "dpkg",
              "vendor": "Debian",
              "versions": [
                {
                  "lessThan": "1.23.6",
                  "status": "affected",
                  "version": "1.21.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yashashree Gund"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIt was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).\u003c/p\u003e"
                }
              ],
              "value": "It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU)."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-07T10:02:03.145Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugs.debian.org/1129722"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2026-2219",
        "datePublished": "2026-03-07T08:10:53.207Z",
        "dateReserved": "2026-02-08T15:48:51.824Z",
        "dateUpdated": "2026-03-09T14:52:18.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8454 (GCVE-0-2025-8454)

    Vulnerability from cvelistv5 – Published: 2025-08-01 05:41 – Updated: 2025-08-01 13:47
    VLAI
    Summary
    It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Credits
    Uwe Kleine-König
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-01T13:45:28.913524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-01T13:47:20.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "devscripts",
              "vendor": "Debian",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Uwe Kleine-K\u00f6nig"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.\u003cbr\u003e"
                }
              ],
              "value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-01T07:54:21.202Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://bugs.debian.org/1109251"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2025-8454",
        "datePublished": "2025-08-01T05:41:09.361Z",
        "dateReserved": "2025-08-01T05:31:30.538Z",
        "dateUpdated": "2025-08-01T13:47:20.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6297 (GCVE-0-2025-6297)

    Vulnerability from cvelistv5 – Published: 2025-07-01 16:16 – Updated: 2026-07-08 07:48
    VLAI
    Title
    dpkg-deb: Fix cleanup for control member with restricted directories
    Summary
    It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Debian dpkg Affected: 0 , < ed6bbd445dd8800308c67236ba35d08004c98e82 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-01T17:30:21.146019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-732",
                    "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-01T17:30:37.332Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-08T07:48:03.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/07/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "dpkg",
              "vendor": "Debian",
              "versions": [
                {
                  "lessThan": "ed6bbd445dd8800308c67236ba35d08004c98e82",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions.\u003cbr\u003e"
                }
              ],
              "value": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is\ndocumented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on\nadversarial .deb packages or with well compressible files, placed\ninside a directory with permissions not allowing removal by a non-root\nuser, this can end up in a DoS scenario due to causing disk quota\nexhaustion or disk full conditions."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-01T17:21:05.050Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "dpkg-deb: Fix cleanup for control member with restricted directories",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2025-6297",
        "datePublished": "2025-07-01T16:16:54.624Z",
        "dateReserved": "2025-06-19T07:40:18.350Z",
        "dateUpdated": "2026-07-08T07:48:03.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-0849 (GCVE-0-2015-0849)

    Vulnerability from cvelistv5 – Published: 2025-06-26 21:15 – Updated: 2025-07-02 14:17
    VLAI
    Summary
    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    References
    Impacted products
    Vendor Product Version
    pycode-browser pycode-browser Affected: 0 , < 1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.9,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2015-0849",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-02T14:16:16.742889Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-377",
                    "description": "CWE-377 Insecure Temporary File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-02T14:17:44.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pycode-browser",
              "vendor": "pycode-browser",
              "versions": [
                {
                  "lessThan": "1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. \u003cbr\u003e"
                }
              ],
              "value": "pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T21:15:16.750Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://bugs.debian.org/790365"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0849",
        "datePublished": "2025-06-26T21:15:16.750Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2025-07-02T14:17:44.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0843 (GCVE-0-2015-0843)

    Vulnerability from cvelistv5 – Published: 2025-06-26 21:11 – Updated: 2025-06-27 18:38
    VLAI
    Summary
    yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    yubiserver yubiserver Affected: 0 , < 0.6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2015-0843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T18:37:53.138558Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T18:38:09.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "yubiserver",
              "vendor": "yubiserver",
              "versions": [
                {
                  "lessThan": "0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.\u003cbr\u003e"
                }
              ],
              "value": "yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T08:22:35.907Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://bugs.debian.org/796495"
            },
            {
              "url": "http://www.include.gr/debian/yubiserver/#changelog"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0843",
        "datePublished": "2025-06-26T21:11:01.801Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2025-06-27T18:38:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0842 (GCVE-0-2015-0842)

    Vulnerability from cvelistv5 – Published: 2025-06-26 21:10 – Updated: 2025-06-27 18:39
    VLAI
    Summary
    yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    yubiserver yubiserver Affected: 0 , < 0.6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2015-0842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T18:39:15.795527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T18:39:31.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "yubiserver",
              "vendor": "yubiserver",
              "versions": [
                {
                  "lessThan": "0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.\u003cbr\u003e"
                }
              ],
              "value": "yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T21:10:52.404Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://bugs.debian.org/796495"
            },
            {
              "url": "http://www.include.gr/debian/yubiserver/#changelog"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0842",
        "datePublished": "2025-06-26T21:10:52.404Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2025-06-27T18:39:31.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6274 (GCVE-0-2014-6274)

    Vulnerability from cvelistv5 – Published: 2025-06-26 20:59 – Updated: 2025-06-27 18:41
    VLAI
    Title
    S3 and Glacier remotes creds embedded in the git repo were not encrypted
    Summary
    git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Vendor Product Version
    git-annex git-annex Affected: 3.20121126 , < 5.20140919 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-6274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T18:41:28.793228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-311",
                    "description": "CWE-311 Missing Encryption of Sensitive Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T18:41:32.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "git-annex",
              "vendor": "git-annex",
              "versions": [
                {
                  "lessThan": "5.20140919",
                  "status": "affected",
                  "version": "3.20121126",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003egit-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes\nwas set, and the remote used encryption=pubkey or encryption=hybrid,\nthe embedded AWS credentials were stored in the git repository\nin (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.\u003c/div\u003e"
                }
              ],
              "value": "git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes\nwas set, and the remote used encryption=pubkey or encryption=hybrid,\nthe embedded AWS credentials were stored in the git repository\nin (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T20:59:54.999Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://git-annex.branchable.com/upgrades/insecure_embedded_creds/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "S3 and Glacier remotes creds embedded in the git repo were not encrypted",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-6274",
        "datePublished": "2025-06-26T20:59:54.999Z",
        "dateReserved": "2014-09-09T00:00:00.000Z",
        "dateUpdated": "2025-06-27T18:41:32.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7210 (GCVE-0-2014-7210)

    Vulnerability from cvelistv5 – Published: 2025-06-26 20:52 – Updated: 2025-06-27 18:43
    VLAI
    Summary
    pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Debian pdns Affected: 0 , < 3.3.1-1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-7210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T18:43:03.978949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T18:43:10.094Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "pdns",
              "vendor": "Debian",
              "versions": [
                {
                  "lessThan": "3.3.1-1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends\nare not affected.\u003cbr\u003e"
                }
              ],
              "value": "pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends\nare not affected."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T20:52:47.356Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://lists.debian.org/debian-lts-announce/2016/05/msg00046.html"
            },
            {
              "url": "https://salsa.debian.org/debian/pdns/-/commit/f0de6b3583039bb63344fbd5eb246939264d7b05"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-7210",
        "datePublished": "2025-06-26T20:52:47.356Z",
        "dateReserved": "2014-09-27T00:00:00.000Z",
        "dateUpdated": "2025-06-27T18:43:10.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0468 (GCVE-0-2014-0468)

    Vulnerability from cvelistv5 – Published: 2025-06-26 20:39 – Updated: 2025-06-27 14:39
    VLAI
    Summary
    Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    fusionforge fusionforge Affected: 0 , < 5.3+20140506 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T14:34:41.152990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T14:39:39.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "fusionforge",
              "vendor": "fusionforge",
              "versions": [
                {
                  "lessThan": "5.3+20140506",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
                }
              ],
              "value": "Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that \nthe users would have uploaded in their raw SCM repositories (SVN, Git, \nBzr...). This issue affects fusionforge: before 5.3+20140506."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T20:39:24.065Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
            },
            {
              "url": "https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2014-0468",
        "datePublished": "2025-06-26T20:39:24.065Z",
        "dateReserved": "2013-12-19T00:00:00.000Z",
        "dateUpdated": "2025-06-27T14:39:39.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1424 (GCVE-0-2013-1424)

    Vulnerability from cvelistv5 – Published: 2025-06-26 20:02 – Updated: 2025-06-26 20:20
    VLAI
    Summary
    Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    matplotlib matplotlib Affected: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-1424",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-26T20:19:42.433747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-26T20:20:42.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "matplotlib",
              "vendor": "matplotlib",
              "versions": [
                {
                  "status": "affected",
                  "version": "before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow vulnerability in matplotlib.\u003cp\u003eThis issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.\u003c/p\u003e"
                }
              ],
              "value": "Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T20:02:13.658Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://bugs.debian.org/775691"
            },
            {
              "url": "https://github.com/matplotlib/matplotlib/commit/ba4016014cb4fb4927e36ce8ea429fed47dcb787"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2013-1424",
        "datePublished": "2025-06-26T20:02:13.658Z",
        "dateReserved": "2013-01-26T00:00:00.000Z",
        "dateUpdated": "2025-06-26T20:20:42.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2787 (GCVE-0-2022-2787)

    Vulnerability from cvelistv5 – Published: 2022-08-27 11:30 – Updated: 2024-09-16 19:51
    VLAI
    Title
    stricter rules on chroot names
    Summary
    Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
    Severity
    No CVSS data available.
    CWE
    • insufficient sanitiztion of chroot and session names
    Assigner
    Impacted products
    Vendor Product Version
    Debian schroot Affected: unspecified , < 1.6.13 (custom)
    Create a notification for this product.
    Date Public
    2022-08-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:04.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2022/msg00182.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00007.html"
              },
              {
                "name": "GLSA-202210-11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202210-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "schroot",
              "vendor": "Debian",
              "versions": [
                {
                  "lessThan": "1.6.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insufficient sanitiztion of chroot and session names",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-31T00:00:00.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d"
            },
            {
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00182.html"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00007.html"
            },
            {
              "name": "GLSA-202210-11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202210-11"
            }
          ],
          "source": {
            "advisory": "https://lists.debian.org/debian-security-announce/2022/msg00182.html",
            "defect": [
              "DSA-5213-1"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "stricter rules on chroot names",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2022-2787",
        "datePublished": "2022-08-27T11:30:20.934Z",
        "dateReserved": "2022-08-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:44.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1664 (GCVE-0-2022-1664)

    Vulnerability from cvelistv5 – Published: 2022-05-26 08:20 – Updated: 2024-09-17 02:16
    VLAI
    Title
    directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
    Summary
    Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
    Severity
    No CVSS data available.
    CWE
    • directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    Debian dpkg Affected: 1.14.17 , < 1.21.8 (custom)
    Create a notification for this product.
    Date Public
    2022-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.819Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dpkg",
              "vendor": "Debian",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.20.10",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.19.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.26",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.21.8",
                  "status": "affected",
                  "version": "1.14.17",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
            },
            {
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
            },
            {
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
            },
            {
              "url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
            },
            {
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
            }
          ],
          "source": {
            "advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
            "defect": [
              "DSA-5147-1"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2022-1664",
        "datePublished": "2022-05-26T08:20:15.198Z",
        "dateReserved": "2022-05-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:10.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1239 (GCVE-0-2016-1239)

    Vulnerability from cvelistv5 – Published: 2022-02-19 17:05 – Updated: 2024-09-16 18:24
    VLAI
    Summary
    duck before 0.10 did not properly handle loading of untrusted code from the current directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Impacted products
    Vendor Product Version
    Debian duck Affected: < 0.10
    Create a notification for this product.
    Date Public
    2016-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "duck",
              "vendor": "Debian",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.10"
                }
              ]
            }
          ],
          "datePublic": "2016-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "duck before 0.10 did not properly handle loading of untrusted code from the current directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-19T19:20:09.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2016-06-04T00:00:00.000Z",
              "ID": "CVE-2016-1239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "duck",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "duck before 0.10 did not properly handle loading of untrusted code from the current directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a",
                  "refsource": "MISC",
                  "url": "https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2016-1239",
        "datePublished": "2022-02-19T17:05:11.301Z",
        "dateReserved": "2015-12-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:06.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0543 (GCVE-0-2022-0543)

    Vulnerability from cvelistv5 – Published: 2022-02-18 19:25 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Lua sandbox escape
    • CWE-862 - Missing Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Debian redis Affected: n/a
    Create a notification for this product.
    Date Public
    2022-02-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/1005787"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"
              },
              {
                "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"
              },
              {
                "name": "DSA-5081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5081"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0543",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T20:49:14.266148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:45.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-28T00:00:00.000Z",
                "value": "CVE-2022-0543 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "redis",
              "vendor": "Debian",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-02-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Lua sandbox escape",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T20:06:10.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/1005787"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"
            },
            {
              "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"
            },
            {
              "name": "DSA-5081",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5081"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"
            }
          ],
          "source": {
            "advisory": "DSA-5081-1",
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2022-02-18T00:00:00.000Z",
              "ID": "CVE-2022-0543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "redis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Lua sandbox escape"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/1005787",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/1005787"
                },
                {
                  "name": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce",
                  "refsource": "MISC",
                  "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"
                },
                {
                  "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"
                },
                {
                  "name": "DSA-5081",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5081"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220331-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"
                }
              ]
            },
            "source": {
              "advisory": "DSA-5081-1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2022-0543",
        "datePublished": "2022-02-18T19:25:16.932Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:45.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20001 (GCVE-0-2021-20001)

    Vulnerability from cvelistv5 – Published: 2022-02-11 19:50 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
    Severity
    No CVSS data available.
    CWE
    • insecure permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Debian debian-edu-config Affected: < 2.12.16
    Create a notification for this product.
    Date Public
    2022-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5"
              },
              {
                "name": "[debian-lts-announce] 20220211 [SECURITY] [DLA 2918-1] debian-edu-config security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html"
              },
              {
                "name": "[debian-security-announce] 20220211 [SECURITY] [DSA 5072-1] debian-edu-config security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2022/msg00039.html"
              },
              {
                "name": "DSA-5072",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "debian-edu-config",
              "vendor": "Debian",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.16"
                }
              ]
            }
          ],
          "datePublic": "2022-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "insecure permissions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-14T14:06:28.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5"
            },
            {
              "name": "[debian-lts-announce] 20220211 [SECURITY] [DLA 2918-1] debian-edu-config security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html"
            },
            {
              "name": "[debian-security-announce] 20220211 [SECURITY] [DSA 5072-1] debian-edu-config security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-security-announce/2022/msg00039.html"
            },
            {
              "name": "DSA-5072",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5072"
            }
          ],
          "source": {
            "advisory": "DSA-5072-1",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "DATE_PUBLIC": "2022-02-11T00:00:00.000Z",
              "ID": "CVE-2021-20001",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "debian-edu-config",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.12.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Debian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "insecure permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5",
                  "refsource": "MISC",
                  "url": "https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5"
                },
                {
                  "name": "[debian-lts-announce] 20220211 [SECURITY] [DLA 2918-1] debian-edu-config security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html"
                },
                {
                  "name": "[debian-security-announce] 20220211 [SECURITY] [DSA 5072-1] debian-edu-config security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-security-announce/2022/msg00039.html"
                },
                {
                  "name": "DSA-5072",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5072"
                }
              ]
            },
            "source": {
              "advisory": "DSA-5072-1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20001",
        "datePublished": "2022-02-11T19:50:09.720Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:36.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20002 (GCVE-0-2021-20002)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:15.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20002",
        "datePublished": "2022-02-09T15:25:15.000Z",
        "dateRejected": "2022-02-09T15:25:15.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:15.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20003 (GCVE-0-2021-20003)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:14.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20003",
        "datePublished": "2022-02-09T15:25:14.000Z",
        "dateRejected": "2022-02-09T15:25:14.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:14.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20004 (GCVE-0-2021-20004)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:14.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20004",
        "datePublished": "2022-02-09T15:25:14.000Z",
        "dateRejected": "2022-02-09T15:25:14.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:14.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20005 (GCVE-0-2021-20005)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:13.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20005",
        "datePublished": "2022-02-09T15:25:13.000Z",
        "dateRejected": "2022-02-09T15:25:13.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:13.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20007 (GCVE-0-2021-20007)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:12.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20007",
        "datePublished": "2022-02-09T15:25:12.000Z",
        "dateRejected": "2022-02-09T15:25:12.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:12.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20006 (GCVE-0-2021-20006)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:12.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20006",
        "datePublished": "2022-02-09T15:25:12.000Z",
        "dateRejected": "2022-02-09T15:25:12.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:12.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20008 (GCVE-0-2021-20008)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:11.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20008",
        "datePublished": "2022-02-09T15:25:11.000Z",
        "dateRejected": "2022-02-09T15:25:11.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:11.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20009 (GCVE-0-2021-20009)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:10.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20009",
        "datePublished": "2022-02-09T15:25:10.000Z",
        "dateRejected": "2022-02-09T15:25:10.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:10.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20010 (GCVE-0-2021-20010)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:09.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20010",
        "datePublished": "2022-02-09T15:25:09.000Z",
        "dateRejected": "2022-02-09T15:25:09.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:09.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20011 (GCVE-0-2021-20011)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:09.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20011",
        "datePublished": "2022-02-09T15:25:09.000Z",
        "dateRejected": "2022-02-09T15:25:09.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:09.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20012 (GCVE-0-2021-20012)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:08.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20012",
        "datePublished": "2022-02-09T15:25:08.000Z",
        "dateRejected": "2022-02-09T15:25:08.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:08.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20013 (GCVE-0-2021-20013)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:07.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20013",
        "datePublished": "2022-02-09T15:25:07.000Z",
        "dateRejected": "2022-02-09T15:25:07.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:07.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }

    CVE-2021-20014 (GCVE-0-2021-20014)

    Vulnerability from cvelistv5 – Published: 2022-02-09 15:25 – Updated: 2022-02-09 15:25
    VLAI

    DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:25:06.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2021-20014",
        "datePublished": "2022-02-09T15:25:06.000Z",
        "dateRejected": "2022-02-09T15:25:06.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2022-02-09T15:25:06.000Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }