Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-09-05 CVE-2022-38751 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project debian CWE-787
6.5
6.5
2022-09-05 CVE-2022-3008 Command Injection vulnerability in multiple products
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file.
network
low complexity
tinygltf-project debian CWE-77
8.8
8.8
2022-09-05 CVE-2022-39842 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.19.
local
low complexity
linux debian CWE-190
6.1
6.1
2022-09-03 CVE-2022-3099 Use After Free in GitHub repository vim/vim prior to 9.0.0360.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-02 CVE-2020-29260 Resource Exhaustion vulnerability in multiple products
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
network
low complexity
libvncserver-project debian CWE-400
7.5
7.5
2022-09-02 CVE-2020-22669 SQL Injection vulnerability in multiple products
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability.
network
low complexity
owasp debian CWE-89
critical
 9.8
9.8
2022-09-02 CVE-2022-39188 Race Condition vulnerability in multiple products
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19.
local
high complexity
linux debian CWE-362
4.7
4.7
2022-09-02 CVE-2022-39190 An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6.
local
low complexity
linux debian
5.5
5.5
2022-09-02 CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
low complexity
bluez canonical debian
8.8
8.8
2022-09-02 CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
low complexity
bluez canonical debian
8.8
8.8