Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26662 XML Entity Expansion vulnerability in multiple products
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-776
7.5
2022-03-10 CVE-2022-0204 Integer Overflow or Wraparound vulnerability in multiple products
A heap overflow vulnerability was found in bluez in versions prior to 5.63.
8.8
2022-03-10 CVE-2022-0516 A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel.
local
low complexity
linux fedoraproject debian redhat netapp
7.8
2022-03-10 CVE-2022-0891 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
network
low complexity
libtiff debian fedoraproject netapp CWE-787
7.1
2022-03-08 CVE-2022-24713 regex is an implementation of regular expressions for the Rust language.
network
low complexity
rust-lang fedoraproject debian
7.5
2022-03-06 CVE-2022-26505 Authentication Bypass by Spoofing vulnerability in multiple products
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
network
low complexity
readymedia-project debian CWE-290
7.4
2022-03-06 CVE-2022-26490 Classic Buffer Overflow vulnerability in multiple products
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
local
low complexity
linux fedoraproject netapp debian CWE-120
7.8
2022-03-05 CVE-2022-24921 Uncontrolled Recursion vulnerability in multiple products
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
network
low complexity
golang netapp debian CWE-674
7.5
2022-03-03 CVE-2021-3640 Race Condition vulnerability in multiple products
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page.
7.0
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
7.5