Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4037 Improper Access Control vulnerability in multiple products
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group.
local
low complexity
linux debian CWE-284
7.8
2022-08-24 CVE-2021-4204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation.
local
low complexity
linux debian redhat netapp CWE-119
7.1
2022-08-24 CVE-2021-4213 Memory Leak vulnerability in multiple products
A flaw was found in JSS, where it did not properly free up all memory.
network
low complexity
dogtagpki redhat debian CWE-401
7.5
2022-08-24 CVE-2022-2978 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel's NILFS file system in the way a user triggers the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy.
local
low complexity
linux debian CWE-416
7.8
2022-08-23 CVE-2020-35511 Buffer Over-read vulnerability in multiple products
A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted PNG file.
local
low complexity
libpng debian CWE-126
7.8
2022-08-23 CVE-2022-31676 Improper Privilege Management vulnerability in multiple products
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.
local
low complexity
vmware debian fedoraproject netapp CWE-269
7.8
2022-08-23 CVE-2022-2946 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
local
low complexity
vim fedoraproject debian CWE-416
7.8
2022-08-23 CVE-2021-20298 Out-of-bounds Write vulnerability in multiple products
A flaw was found in OpenEXR's B44Compressor.
network
low complexity
openexr debian CWE-787
7.5
2022-08-23 CVE-2021-23177 Link Following vulnerability in multiple products
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
7.8
2022-08-23 CVE-2021-31566 Link Following vulnerability in multiple products
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8