Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-28	CVE-2022-45442	Download of Code Without Integrity Check vulnerability in multiple products Sinatra is a domain-specific language for creating web applications in Ruby. network low complexity sinatrarb debian CWE-494	8.8
2022-11-28	CVE-2022-45939	OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. local low complexity gnu debian fedoraproject CWE-78	7.8
2022-11-27	CVE-2022-45934	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.10. local low complexity linux fedoraproject netapp debian CWE-190	7.8
2022-11-26	CVE-2022-24999	qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. network low complexity qs-project openjsf debian	7.5
2022-11-23	CVE-2022-44789	Out-of-bounds Write vulnerability in multiple products A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. network low complexity artifex debian fedoraproject CWE-787	8.8
2022-11-23	CVE-2022-41946	Exposure of Resource to Wrong Sphere vulnerability in multiple products pgjdbc is an open source postgresql JDBC Driver. local low complexity postgresql debian CWE-668	5.5
2022-11-22	CVE-2022-36227	NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. network low complexity libarchive debian fedoraproject splunk CWE-476 critical	9.8
2022-11-18	CVE-2022-44641	XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. network low complexity linaro debian CWE-776	6.5
2022-11-15	CVE-2022-41916	Off-by-one Error vulnerability in multiple products Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. network low complexity heimdal-project debian CWE-193	7.5
2022-11-13	CVE-2022-3970	Numeric Errors vulnerability in multiple products A vulnerability was found in LibTIFF. network low complexity libtiff netapp debian apple CWE-189	8.8