Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-35256 | HTTP Request Smuggling vulnerability in multiple products The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. | 6.5 |
| 2022-12-05 | CVE-2022-43548 | OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 8.1 |
| 2022-12-04 | CVE-2022-46391 | Cross-site Scripting vulnerability in multiple products AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 6.1 |
| 2022-12-03 | CVE-2021-37533 | Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. | 6.5 |
| 2022-11-30 | CVE-2022-46338 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | 6.5 |
| 2022-11-28 | CVE-2022-45442 | Sinatra is a domain-specific language for creating web applications in Ruby. | 8.8 |
| 2022-11-28 | CVE-2022-45939 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. | 7.8 |
| 2022-11-27 | CVE-2022-45934 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.10. | 7.8 |
| 2022-11-26 | CVE-2022-24999 | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. | 7.5 |
| 2022-11-23 | CVE-2022-44789 | Out-of-bounds Write vulnerability in multiple products A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | 8.8 |