Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-1328 Classic Buffer Overflow vulnerability in multiple products
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
network
low complexity
mutt debian fedoraproject CWE-120
5.3
5.3
2022-04-14 CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
network
low complexity
mariadb debian
7.5
7.5
2022-04-14 CVE-2022-27447 Use After Free vulnerability in multiple products
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
network
low complexity
mariadb debian CWE-416
7.5
7.5
2022-04-14 CVE-2022-27448 Reachable Assertion vulnerability in multiple products
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
network
low complexity
mariadb debian CWE-617
7.5
7.5
2022-04-14 CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
network
low complexity
mariadb debian
7.5
7.5
2022-04-14 CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
network
low complexity
mariadb debian
7.5
7.5
2022-04-14 CVE-2022-27456 Use After Free vulnerability in multiple products
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
network
low complexity
mariadb debian CWE-416
7.5
7.5
2022-04-12 CVE-2022-27376 Use After Free vulnerability in multiple products
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
network
low complexity
mariadb debian CWE-416
7.5
7.5
2022-04-12 CVE-2022-27377 Use After Free vulnerability in multiple products
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
network
low complexity
mariadb debian CWE-416
7.5
7.5
2022-04-12 CVE-2022-27378 SQL Injection vulnerability in multiple products
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
network
low complexity
mariadb debian CWE-89
7.5
7.5