Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-25 | CVE-2022-23035 | Incomplete Cleanup vulnerability in multiple products: Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. | 4.6 |
2022-01-25 | CVE-2021-45342 | Classic Buffer Overflow vulnerability in multiple products: A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 7.8 |
2022-01-25 | CVE-2021-45343 | NULL Pointer Dereference vulnerability in multiple products: In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | 5.5 |
2022-01-25 | CVE-2021-45844 | OS Command Injection vulnerability in multiple products: Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 7.8 |
2022-01-25 | CVE-2021-45845 | OS Command Injection vulnerability in multiple products: The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | 7.8 |
2022-01-25 | CVE-2021-45341 | Classic Buffer Overflow vulnerability in multiple products: A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 8.8 |
2022-01-24 | CVE-2022-23852 | Integer Overflow or Wraparound vulnerability in multiple products: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |
2022-01-21 | CVE-2022-23837 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. | 7.5 |
2022-01-21 | CVE-2021-23518 | The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable, which is set as {} instead of Object.create(null) in the cachedPathRelative function; this allows access to the parent prototype properties when the object is used to create the cached relative path. | 9.8 |
2022-01-21 | CVE-2022-0319 | Out-of-bounds Read in vim/vim prior to 8.2. | 5.5 |