Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-23219 Classic Buffer Overflow vulnerability in multiple products
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
network
low complexity
gnu oracle debian CWE-120
critical
9.8
2022-01-14 CVE-2022-20698 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian canonical CWE-125
7.5
2022-01-13 CVE-2022-21682 Path Traversal vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
network
low complexity
flatpak fedoraproject redhat debian CWE-22
6.5
2022-01-13 CVE-2022-23134 Improper Authentication vulnerability in multiple products
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.
network
low complexity
zabbix fedoraproject debian CWE-287
5.3
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6
2022-01-12 CVE-2021-37529 Double Free vulnerability in multiple products
A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
local
low complexity
fig2dev-project debian CWE-415
5.5
2022-01-12 CVE-2021-37530 Out-of-bounds Write vulnerability in multiple products
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
local
low complexity
fig2dev-project debian CWE-787
5.5
2022-01-12 CVE-2021-44648 Out-of-bounds Write vulnerability in multiple products
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
network
low complexity
gnome fedoraproject debian CWE-787
8.8
2022-01-10 CVE-2021-36408 Use After Free vulnerability in multiple products
An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
local
low complexity
struktur debian CWE-416
5.5
2022-01-10 CVE-2021-36409 Reachable Assertion vulnerability in multiple products
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
local
low complexity
struktur debian CWE-617
7.8