Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-09-29 CVE-2022-3352 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian CWE-416
7.8
2022-09-28 CVE-2022-1270 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
local
low complexity
graphicsmagick debian CWE-119
7.8
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
2022-09-27 CVE-2022-3324 Stack-based Buffer Overflow vulnerability in multiple products
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
local
low complexity
vim fedoraproject debian CWE-121
7.8
2022-09-23 CVE-2022-40188 Algorithmic Complexity vulnerability in multiple products
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity.
network
low complexity
nic fedoraproject debian CWE-407
7.5
2022-09-22 CVE-2022-1941
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures.
network
low complexity
google fedoraproject debian
7.5
2022-09-22 CVE-2022-40146 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.
network
low complexity
apache debian CWE-918
7.5
2022-09-22 CVE-2022-3256 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
local
low complexity
vim fedoraproject debian CWE-416
7.8