Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-23517 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian
7.5
2022-12-13 CVE-2022-45685 Out-of-bounds Write vulnerability in multiple products
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
network
low complexity
jettison-project debian CWE-787
7.5
2022-12-13 CVE-2022-45693 Out-of-bounds Write vulnerability in multiple products
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter.
network
low complexity
jettison-project debian CWE-787
7.5
2022-12-12 CVE-2022-41881 Uncontrolled Recursion vulnerability in multiple products
Netty project is an event-driven asynchronous network application framework.
network
low complexity
netty debian CWE-674
7.5
2022-12-06 CVE-2022-41325 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
local
low complexity
videolan debian CWE-190
7.8
2022-12-05 CVE-2022-30122 A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
network
low complexity
rack-project debian
7.5
2022-12-05 CVE-2022-43548 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
network
high complexity
nodejs debian CWE-78
8.1
2022-11-28 CVE-2022-45442 Download of Code Without Integrity Check vulnerability in multiple products
Sinatra is a domain-specific language for creating web applications in Ruby.
network
low complexity
sinatrarb debian CWE-494
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
2022-11-27 CVE-2022-45934 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.10.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8