Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-44789 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | 8.8 |
| 2022-11-15 | CVE-2022-41916 | Off-by-one Error vulnerability in multiple products Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. | 7.5 |
| 2022-11-09 | CVE-2022-45060 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. | 7.5 |
| 2022-11-01 | CVE-2022-42309 | Release of Invalid Pointer or Reference vulnerability in multiple products Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. | 8.8 |
| 2022-11-01 | CVE-2022-42320 | Incomplete Cleanup vulnerability in multiple products Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. | 7.0 |
| 2022-10-31 | CVE-2022-40617 | Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 7.5 |
| 2022-10-24 | CVE-2022-43680 | Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |
| 2022-10-21 | CVE-2022-3625 | Use After Free vulnerability in multiple products A vulnerability was found in Linux Kernel. | 7.8 |
| 2022-10-20 | CVE-2022-3621 | Improper Resource Shutdown or Release vulnerability in multiple products A vulnerability was found in Linux Kernel. | 7.5 |
| 2022-10-19 | CVE-2022-41742 | Out-of-bounds Write vulnerability in multiple products NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. | 7.1 |