Vulnerabilities > Debian > Debian Linux > 9.0

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2023-24998 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
network
low complexity
apache debian CWE-770
7.5
7.5
2022-08-30 CVE-2021-46837 NULL Pointer Dereference vulnerability in multiple products
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.
network
low complexity
asterisk digium debian CWE-476
6.5
6.5
2022-06-20 CVE-2022-1720 Buffer Over-read vulnerability in multiple products
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956.
local
low complexity
vim debian fedoraproject apple CWE-126
7.8
7.8
2022-06-19 CVE-2022-2126 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple CWE-125
7.8
7.8
2022-06-19 CVE-2022-2124 Buffer Over-read vulnerability in multiple products
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple CWE-126
7.8
7.8
2022-06-18 CVE-2022-33981 Use After Free vulnerability in multiple products
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
local
low complexity
linux debian CWE-416
3.3
3.3
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5
2022-06-15 CVE-2022-21125 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5
2022-06-13 CVE-2022-32278 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
network
xfce debian
6.8
6.8