Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-19 CVE-2022-37032 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service.
network
low complexity
frrouting debian CWE-125
critical
 9.1
9.1
2022-09-19 CVE-2022-28201 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
local
low complexity
mediawiki debian CWE-674
4.4
4.4
2022-09-19 CVE-2022-28203 Release of Invalid Pointer or Reference vulnerability in multiple products
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki debian CWE-763
7.5
7.5
2022-09-18 CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-18 CVE-2022-40768 Use of Uninitialized Resource vulnerability in multiple products
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
local
low complexity
linux fedoraproject debian CWE-908
5.5
5.5
2022-09-17 CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-16 CVE-2022-3176 Use After Free vulnerability in multiple products
There exists a use-after-free in io_uring in the Linux kernel.
local
low complexity
linux debian CWE-416
7.8
7.8
2022-09-16 CVE-2022-40149 Out-of-bounds Write vulnerability in multiple products
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
jettison-project debian CWE-787
7.5
7.5
2022-09-16 CVE-2022-40150 Uncontrolled Recursion vulnerability in multiple products
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
jettison-project debian CWE-674
7.5
7.5