Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-3889 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian CWE-843
8.8
2022-11-08 CVE-2022-39377 Incorrect Calculation of Buffer Size vulnerability in multiple products
sysstat is a set of system performance tools for the Linux operating system.
7.8
2022-11-06 CVE-2022-40284 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow was discovered in NTFS-3G before 2022.10.3.
local
low complexity
tuxera debian fedoraproject CWE-120
7.8
2022-11-04 CVE-2021-34055 Classic Buffer Overflow vulnerability in multiple products
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
local
low complexity
jhead-project debian CWE-120
7.8
2022-11-03 CVE-2022-44638 Integer Overflow or Wraparound vulnerability in multiple products
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
network
low complexity
pixman debian fedoraproject CWE-190
8.8
2022-11-02 CVE-2021-37789 Out-of-bounds Write vulnerability in multiple products
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
network
low complexity
stb-project debian CWE-787
8.1
2022-11-01 CVE-2022-42823 Type Confusion vulnerability in multiple products
A type confusion issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-843
8.8
2022-11-01 CVE-2022-42309 Release of Invalid Pointer or Reference vulnerability in multiple products
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage.
local
low complexity
xen debian fedoraproject CWE-763
8.8
2022-11-01 CVE-2022-42320 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid.
local
high complexity
xen debian fedoraproject CWE-459
7.0
2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5