Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-22 CVE-2022-1941 A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures.
network
low complexity
google fedoraproject debian
7.5
7.5
2022-09-22 CVE-2022-40146 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.
network
low complexity
apache debian CWE-918
7.5
7.5
2022-09-22 CVE-2022-3256 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
local
low complexity
vim fedoraproject debian CWE-416
7.8
7.8
2022-09-21 CVE-2022-38177 Memory Leak vulnerability in multiple products
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.
network
low complexity
isc debian fedoraproject netapp CWE-401
7.5
7.5
2022-09-21 CVE-2022-38178 Memory Leak vulnerability in multiple products
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.
network
low complexity
isc debian fedoraproject netapp CWE-401
7.5
7.5
2022-09-21 CVE-2022-41222 Use After Free vulnerability in multiple products
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
local
high complexity
linux debian netapp canonical CWE-416
7.0
7.0
2022-09-20 CVE-2022-32886 Out-of-bounds Write vulnerability in multiple products
A buffer overflow issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-787
8.8
8.8
2022-09-20 CVE-2022-39957 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-19 CVE-2022-28203 Release of Invalid Pointer or Reference vulnerability in multiple products
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki debian CWE-763
7.5
7.5