Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-1734 Use After Free vulnerability in multiple products
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
local
high complexity
linux debian netapp CWE-416
7.0
7.0
2022-05-18 CVE-2022-30974 Uncontrolled Recursion vulnerability in multiple products
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
local
low complexity
artifex debian fedoraproject CWE-674
5.5
5.5
2022-05-18 CVE-2022-30975 NULL Pointer Dereference vulnerability in multiple products
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
local
low complexity
artifex debian fedoraproject CWE-476
5.5
5.5
2022-05-17 CVE-2022-30688 needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation.
local
low complexity
needrestart-project debian
7.8
7.8
2022-05-17 CVE-2022-29581 Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root.
local
low complexity
linux debian canonical netapp
7.8
7.8
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp debian CWE-125
critical
 9.1
9.1
2022-05-16 CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages.
local
low complexity
linux debian netapp
7.8
7.8
2022-05-12 CVE-2022-21151 Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp debian
5.5
5.5
2022-05-12 CVE-2022-1650 Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
network
low complexity
eventsource debian
critical
 9.3
9.3
2022-05-12 CVE-2022-29885 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network.
network
low complexity
apache debian oracle
7.5
7.5