Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-26 CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used.
network
low complexity
qs-project openjsf debian
7.5
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
2022-11-15 CVE-2022-41916 Off-by-one Error vulnerability in multiple products
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
network
low complexity
heimdal-project debian CWE-193
7.5
2022-11-13 CVE-2022-3970 Numeric Errors vulnerability in multiple products
A vulnerability was found in LibTIFF.
network
low complexity
libtiff netapp debian apple CWE-189
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
2022-11-09 CVE-2022-3885 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2022-11-09 CVE-2022-3886 Use After Free vulnerability in multiple products
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2022-11-09 CVE-2022-3887 Use After Free vulnerability in multiple products
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8
2022-11-09 CVE-2022-3888 Use After Free vulnerability in multiple products
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-416
8.8