Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-21	CVE-2022-38178	Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. network low complexity isc debian fedoraproject netapp CWE-401	7.5
2022-09-21	CVE-2022-41222	Use After Free vulnerability in multiple products mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. local high complexity linux debian netapp canonical CWE-416	7.0
2022-09-21	CVE-2022-41218	Use After Free vulnerability in multiple products In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. local low complexity linux debian CWE-416	5.5
2022-09-20	CVE-2022-32886	Out-of-bounds Write vulnerability in multiple products A buffer overflow issue was addressed with improved memory handling. network low complexity apple fedoraproject debian CWE-787	8.8
2022-09-20	CVE-2022-39955	The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. network low complexity owasp fedoraproject debian critical	9.8
2022-09-20	CVE-2022-39956	Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. network low complexity owasp fedoraproject debian CWE-116 critical	9.8
2022-09-20	CVE-2022-39957	Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. network low complexity owasp fedoraproject debian CWE-116	7.5
2022-09-20	CVE-2022-39958	Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. network low complexity owasp fedoraproject debian CWE-116	7.5
2022-09-19	CVE-2022-37032	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. network low complexity frrouting debian CWE-125 critical	9.1
2022-09-19	CVE-2022-28201	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. local low complexity mediawiki debian CWE-674	4.4