Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-43548 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
network
high complexity
nodejs debian CWE-78
8.1
2022-11-28 CVE-2022-45442 Download of Code Without Integrity Check vulnerability in multiple products
Sinatra is a domain-specific language for creating web applications in Ruby.
network
low complexity
sinatrarb debian CWE-494
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
2022-11-27 CVE-2022-45934 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.10.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
2022-11-26 CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used.
network
low complexity
qs-project openjsf debian
7.5
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
2022-11-15 CVE-2022-41916 Off-by-one Error vulnerability in multiple products
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian CWE-193
7.5
2022-11-13 CVE-2022-3970 Numeric Errors vulnerability in multiple products
A vulnerability was found in LibTIFF.
network
low complexity
libtiff netapp debian apple CWE-189
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5