Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-1271 Improper Input Validation vulnerability in multiple products
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility.
network
low complexity
gnu redhat debian tukaani CWE-20
8.8
8.8
2022-08-31 CVE-2022-1354 A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function.
local
low complexity
libtiff fedoraproject redhat netapp debian
5.5
5.5
2022-08-31 CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function.
local
low complexity
libtiff fedoraproject redhat netapp debian
6.1
6.1
2022-08-31 CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK.
network
low complexity
dpdk fedoraproject debian redhat
8.6
8.6
2022-08-31 CVE-2022-2153 A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ.
local
low complexity
linux fedoraproject redhat debian
5.5
5.5
2022-08-31 CVE-2022-2519 There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
network
low complexity
libtiff debian
6.5
6.5
2022-08-31 CVE-2022-2520 A flaw was found in libtiff 4.4.0rc1.
network
low complexity
libtiff debian
6.5
6.5
2022-08-31 CVE-2022-2521 It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
network
low complexity
libtiff debian
6.5
6.5
2022-08-31 CVE-2022-3028 Out-of-bounds Write vulnerability in multiple products
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously.
local
high complexity
linux fedoraproject debian CWE-787
7.0
7.0
2022-08-30 CVE-2021-46837 NULL Pointer Dereference vulnerability in multiple products
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.
network
low complexity
asterisk digium debian CWE-476
6.5
6.5