Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
 9.8
9.8
2022-06-20 CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956.
local
low complexity
vim debian fedoraproject apple
7.8
7.8
2022-06-19 CVE-2022-2129 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-06-19 CVE-2022-2126 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple
7.8
7.8
2022-06-19 CVE-2022-2124 Buffer Over-read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple
7.8
7.8
2022-06-18 CVE-2022-33981 Use After Free vulnerability in multiple products
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
local
low complexity
linux debian CWE-416
3.3
3.3
2022-06-16 CVE-2022-31291 Double Free vulnerability in multiple products
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
network
low complexity
genivi debian CWE-415
7.5
7.5
2022-06-16 CVE-2022-31625 Release of Invalid Pointer or Reference vulnerability in multiple products
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers.
network
high complexity
php debian CWE-763
8.1
8.1
2022-06-16 CVE-2022-31626 Classic Buffer Overflow vulnerability in multiple products
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
network
low complexity
php debian CWE-120
8.8
8.8
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5