Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-20422 Improper Locking vulnerability in multiple products
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition.
local
high complexity
google debian CWE-667
7.0
2022-10-11 CVE-2022-33746 Improper Resource Shutdown or Release vulnerability in multiple products
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size.
local
low complexity
xen fedoraproject debian CWE-404
6.5
2022-10-11 CVE-2022-33747 Improper Resource Shutdown or Release vulnerability in multiple products
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.
local
low complexity
xen fedoraproject debian CWE-404
3.8
2022-10-11 CVE-2022-33748 Improper Handling of Exceptional Conditions vulnerability in multiple products
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
local
high complexity
xen fedoraproject debian CWE-755
5.6
2022-10-11 CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
9.8
2022-10-08 CVE-2022-3435 A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian
4.3
2022-10-06 CVE-2022-41853 Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack.
network
low complexity
hsqldb debian
critical
9.8
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-09-30 CVE-2022-41849 Use After Free vulnerability in multiple products
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
high complexity
linux debian CWE-416
4.2