Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-05 CVE-2022-3008 Command Injection vulnerability in multiple products
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file.
network
low complexity
tinygltf-project debian CWE-77
8.8
8.8
2022-09-03 CVE-2022-3099 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
local
low complexity
vim fedoraproject debian CWE-416
7.8
7.8
2022-09-02 CVE-2020-29260 Resource Exhaustion vulnerability in multiple products
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
network
low complexity
libvncserver-project debian CWE-400
7.5
7.5
2022-09-02 CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
low complexity
bluez canonical debian
8.8
8.8
2022-09-02 CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
low complexity
bluez canonical debian
8.8
8.8
2022-09-01 CVE-2022-2996 Improper Certificate Validation vulnerability in multiple products
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified.
network
high complexity
python-scciclient-project debian CWE-295
7.4
7.4
2022-08-31 CVE-2022-1271 Improper Input Validation vulnerability in multiple products
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility.
network
low complexity
gnu redhat debian tukaani CWE-20
8.8
8.8
2022-08-31 CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK.
network
low complexity
dpdk fedoraproject debian redhat
8.6
8.6
2022-08-31 CVE-2022-3028 Out-of-bounds Write vulnerability in multiple products
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously.
local
high complexity
linux fedoraproject debian CWE-787
7.0
7.0
2022-08-30 CVE-2022-25857 XML Entity Expansion vulnerability in multiple products
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
network
low complexity
snakeyaml-project debian CWE-776
7.5
7.5