Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-29869 Information Exposure Through Log Files vulnerability in multiple products
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
network
low complexity
samba fedoraproject debian CWE-532
5.3
5.3
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp fedoraproject CWE-787
7.8
7.8
2022-04-25 CVE-2022-1441 Out-of-bounds Read vulnerability in multiple products
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion.
local
low complexity
gpac debian CWE-125
7.8
7.8
2022-04-25 CVE-2022-24792 PJSIP is a free and open source multimedia communication library written in C.
network
low complexity
teluu debian
7.5
7.5
2022-04-25 CVE-2019-25059 Artifex Ghostscript through 9.26 mishandles .completefont.
local
low complexity
artifex debian
7.8
7.8
2022-04-22 CVE-2022-29582 Race Condition vulnerability in multiple products
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts.
local
high complexity
linux debian CWE-362
7.0
7.0
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
7.5
2022-04-19 CVE-2022-21496 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).
network
low complexity
oracle netapp debian azul
5.3
5.3
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
 9.8
9.8
2022-04-18 CVE-2022-29458 Out-of-bounds Read vulnerability in multiple products
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
local
low complexity
gnu apple debian CWE-125
7.1
7.1