Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-46343 Use After Free vulnerability in multiple products
A vulnerability was found in X.Org.
network
low complexity
x-org fedoraproject debian CWE-416
8.8
8.8
2022-12-14 CVE-2022-46344 Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in X.Org.
network
low complexity
x-org fedoraproject debian CWE-125
8.8
8.8
2022-12-14 CVE-2022-4283 Use After Free vulnerability in multiple products
A vulnerability was found in X.Org.
local
low complexity
x-org fedoraproject redhat debian CWE-416
7.8
7.8
2022-12-14 CVE-2022-23517 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian
7.5
7.5
2022-12-13 CVE-2022-45685 Out-of-bounds Write vulnerability in multiple products
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
network
low complexity
jettison-project debian CWE-787
7.5
7.5
2022-12-13 CVE-2022-45693 Out-of-bounds Write vulnerability in multiple products
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter.
network
low complexity
jettison-project debian CWE-787
7.5
7.5
2022-12-12 CVE-2022-41881 Uncontrolled Recursion vulnerability in multiple products
Netty project is an event-driven asynchronous network application framework.
network
low complexity
netty debian CWE-674
7.5
7.5
2022-12-06 CVE-2022-41325 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
local
low complexity
videolan debian CWE-190
7.8
7.8
2022-12-05 CVE-2022-30122 A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
network
low complexity
rack-project debian
7.5
7.5
2022-12-05 CVE-2022-43548 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
network
high complexity
nodejs debian CWE-78
8.1
8.1