Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-12-06 CVE-2022-41325 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
local
low complexity
videolan debian CWE-190
7.8
7.8
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
 9.8
9.8
2022-12-05 CVE-2022-30122 A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
network
low complexity
rack-project debian
7.5
7.5
2022-12-05 CVE-2022-30123 A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
network
low complexity
rack-project debian
critical
 10.0
10
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
 9.8
9.8
2022-12-05 CVE-2022-35255 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc.
network
low complexity
nodejs siemens debian CWE-338
critical
 9.1
9.1
2022-12-05 CVE-2022-35256 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF.
network
low complexity
nodejs llhttp siemens debian CWE-444
6.5
6.5
2022-12-05 CVE-2022-43548 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
network
high complexity
nodejs debian CWE-78
8.1
8.1
2022-12-04 CVE-2022-46391 Cross-site Scripting vulnerability in multiple products
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
network
low complexity
awstats debian fedoraproject CWE-79
6.1
6.1
2022-12-03 CVE-2021-37533 Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default.
network
low complexity
apache debian
6.5
6.5