Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-14 | CVE-2022-23517 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 7.5 |
2022-12-13 | CVE-2022-45685 | Out-of-bounds Write vulnerability in multiple products A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | 7.5 |
2022-12-13 | CVE-2022-45693 | Out-of-bounds Write vulnerability in multiple products Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. | 7.5 |
2022-12-12 | CVE-2022-41881 | Uncontrolled Recursion vulnerability in multiple products Netty project is an event-driven asynchronous network application framework. | 7.5 |
2022-12-06 | CVE-2022-41325 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | 7.8 |
2022-12-05 | CVE-2022-30122 | A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | 7.5 |
2022-12-05 | CVE-2022-43548 | OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | 8.1 |
2022-11-28 | CVE-2022-45442 | Download of Code Without Integrity Check vulnerability in multiple products Sinatra is a domain-specific language for creating web applications in Ruby. | 8.8 |
2022-11-28 | CVE-2022-45939 | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. | 7.8 |
2022-11-27 | CVE-2022-45934 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel through 6.0.10. | 7.8 |