Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian CWE-78
critical
 10.0
10
2022-06-20 CVE-2022-1720 Buffer Over-read vulnerability in multiple products
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956.
network
vim debian CWE-126
6.8
6.8
2022-06-19 CVE-2022-2126 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
network
vim debian CWE-125
6.8
6.8
2022-06-19 CVE-2022-2124 Buffer Over-read vulnerability in multiple products
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
network
vim debian CWE-126
6.8
6.8
2022-06-13 CVE-2022-32278 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
network
xfce debian
6.8
6.8
2022-06-09 CVE-2022-21499 Out-of-bounds Write vulnerability in multiple products
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
local
low complexity
oracle debian CWE-787
4.6
4.6
2022-06-09 CVE-2022-31030 Resource Exhaustion vulnerability in multiple products
containerd is an open source container runtime.
local
low complexity
linuxfoundation debian CWE-400
2.1
2.1
2022-06-07 CVE-2019-9971 Improper Privilege Management vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password.
network
low complexity
3cx debian CWE-269
critical
 9.0
9.0
2022-06-07 CVE-2019-9972 Command Injection vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
network
low complexity
3cx debian CWE-77
critical
 9.0
9.0
2022-06-06 CVE-2022-1966 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c.
local
low complexity
linux redhat fedoraproject debian CWE-416
7.2
7.2