Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-09-15 CVE-2022-38858 Out-of-bounds Write vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c.
local
low complexity
mplayerhq debian CWE-787
5.5
5.5
2022-09-15 CVE-2022-38860 Divide By Zero vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder.
local
low complexity
mplayerhq debian CWE-369
5.5
5.5
2022-09-15 CVE-2022-38861 Out-of-bounds Write vulnerability in multiple products
The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.
local
low complexity
mplayerhq debian CWE-787
5.5
5.5
2022-09-15 CVE-2022-38863 Out-of-bounds Write vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer.
local
low complexity
mplayerhq debian CWE-787
5.5
5.5
2022-09-15 CVE-2022-38864 Out-of-bounds Write vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c.
local
low complexity
mplayerhq debian CWE-787
5.5
5.5
2022-09-15 CVE-2022-38865 Divide By Zero vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c.
local
low complexity
mplayerhq debian CWE-369
5.5
5.5
2022-09-15 CVE-2022-38866 Out-of-bounds Write vulnerability in multiple products
Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c .
local
low complexity
mplayerhq debian CWE-787
5.5
5.5
2022-09-15 CVE-2018-25047 Cross-site Scripting vulnerability in multiple products
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS.
network
low complexity
smarty debian CWE-79
5.4
5.4
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
high complexity
libexpat-project debian fedoraproject CWE-416
8.1
8.1
2022-09-12 CVE-2022-37797 NULL Pointer Dereference vulnerability in multiple products
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.
network
low complexity
lighttpd debian CWE-476
7.5
7.5