Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-33747 Improper Resource Shutdown or Release vulnerability in multiple products
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g.
local
low complexity
xen fedoraproject debian CWE-404
3.8
2022-10-11 CVE-2022-33748 Improper Handling of Exceptional Conditions vulnerability in multiple products
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path.
local
high complexity
xen fedoraproject debian CWE-755
5.6
2022-10-11 CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
9.8
2022-10-08 CVE-2022-3435 A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian
4.3
2022-10-06 CVE-2022-41853 Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack.
network
low complexity
hsqldb debian
critical
9.8
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-09-30 CVE-2022-41849 Use After Free vulnerability in multiple products
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
high complexity
linux debian CWE-416
4.2
2022-09-30 CVE-2022-41850 Use After Free vulnerability in multiple products
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
local
high complexity
linux debian CWE-416
4.7
2022-09-29 CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian
7.8