Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-11-13 CVE-2022-3970 A vulnerability was found in LibTIFF.
network
low complexity
libtiff netapp debian apple
8.8
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
7.8
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
 9.8
9.8
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
7.5
2022-11-09 CVE-2022-3885 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2022-11-09 CVE-2022-3886 Use After Free vulnerability in multiple products
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2022-11-09 CVE-2022-3887 Use After Free vulnerability in multiple products
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2022-11-09 CVE-2022-3888 Use After Free vulnerability in multiple products
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
8.8
2022-11-09 CVE-2022-3889 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-843
8.8
8.8
2022-11-09 CVE-2022-3890 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-787
critical
 9.6
9.6