Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-41946 Exposure of Resource to Wrong Sphere vulnerability in multiple products
pgjdbc is an open source PostgreSQL JDBC Driver.
local
low complexity
postgresql debian CWE-668
5.5
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails; this leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
9.8
2022-11-18 CVE-2022-44641 XML Entity Expansion vulnerability in multiple products
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
network
low complexity
linaro debian CWE-776
6.5
2022-11-15 CVE-2022-41916 Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian
7.5
2022-11-13 CVE-2022-3970 A vulnerability was found in LibTIFF.
network
low complexity
libtiff netapp debian apple
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
9.8
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1.
7.5
2022-11-09 CVE-2022-3885 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2022-11-09 CVE-2022-3886 Use After Free vulnerability in multiple products
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8