Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
 9.8
9.8
2022-07-07 CVE-2022-32208 Out-of-bounds Write vulnerability in multiple products
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
network
high complexity
haxx fedoraproject debian netapp apple splunk CWE-787
5.9
5.9
2022-07-06 CVE-2022-2318 There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
local
low complexity
linux debian netapp
5.5
5.5
2022-07-06 CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
network
low complexity
momentjs fedoraproject debian
7.5
7.5
2022-07-06 CVE-2022-33980 Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp debian
critical
 9.8
9.8
2022-07-05 CVE-2022-26365 Memory Leak vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
linux xen debian fedoraproject CWE-401
7.1
7.1
2022-07-05 CVE-2022-2304 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-07-05 CVE-2022-33740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-212
7.1
7.1
2022-07-05 CVE-2022-33741 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
7.1
2022-07-05 CVE-2022-33742 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
7.1