Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5
6.5
2022-05-02 CVE-2021-42528 XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file.
local
low complexity
adobe debian
5.5
5.5
2022-05-02 CVE-2021-42529 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe debian
7.8
7.8
2022-05-02 CVE-2021-42531 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe debian
7.8
7.8
2022-05-02 CVE-2021-42532 XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe debian
7.8
7.8
2022-05-02 CVE-2021-46790 Out-of-bounds Write vulnerability in multiple products
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
7.8
2022-05-02 CVE-2022-29970 Path Traversal vulnerability in multiple products
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
network
low complexity
sinatrarb debian CWE-22
7.5
7.5
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
7.5
2022-04-29 CVE-2021-4206 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu redhat debian CWE-131
8.2
8.2