Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-0359 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
| 2022-01-26 | CVE-2022-23959 | HTTP Request Smuggling vulnerability in multiple products In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | 9.1 |
| 2022-01-25 | CVE-2022-0351 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | 7.8 |
| 2022-01-25 | CVE-2021-3850 | Improper Authentication vulnerability in multiple products Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | 9.1 |
| 2022-01-25 | CVE-2022-23033 | Improper Resource Shutdown or Release vulnerability in multiple products arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. | 7.8 |
| 2022-01-25 | CVE-2022-23034 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. | 5.5 |
| 2022-01-25 | CVE-2022-23035 | Incomplete Cleanup vulnerability in multiple products Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. | 4.6 |
| 2022-01-25 | CVE-2021-45342 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 7.8 |
| 2022-01-25 | CVE-2021-45343 | NULL Pointer Dereference vulnerability in multiple products In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | 5.5 |
| 2022-01-25 | CVE-2021-45844 | OS Command Injection vulnerability in multiple products Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 7.8 |