Vulnerabilities > Debian > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-09-19 | CVE-2022-28203 | Release of Invalid Pointer or Reference vulnerability in multiple products | A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. | network | low | mediawiki, debian | CWE-763 | 7.5 |
| 2022-09-18 | CVE-2022-3235 | Use After Free vulnerability in multiple products | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | local | low | vim, fedoraproject, debian | CWE-416 | 7.8 |
| 2022-09-17 | CVE-2022-3234 | Heap-based Buffer Overflow vulnerability in multiple products | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | local | low | vim, fedoraproject, debian | CWE-122 | 7.8 |
| 2022-09-16 | CVE-2022-3176 | Use After Free vulnerability in multiple products | There exists a use-after-free in io_uring in the Linux kernel. | local | low | linux, debian | CWE-416 | 7.8 |
| 2022-09-16 | CVE-2022-40149 | Out-of-bounds Write vulnerability in multiple products | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). | network | low | jettison-project, debian | CWE-787 | 7.5 |
| 2022-09-16 | CVE-2022-40150 | Uncontrolled Recursion vulnerability in multiple products | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). | network | low | jettison-project, debian | CWE-674 | 7.5 |
| 2022-09-14 | CVE-2022-40674 | Use After Free vulnerability in multiple products | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | network | high | libexpat-project, debian, fedoraproject | CWE-416 | 8.1 |
| 2022-09-12 | CVE-2022-37797 | NULL Pointer Dereference vulnerability in multiple products | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. | network | low | lighttpd, debian | CWE-476 | 7.5 |
| 2022-09-07 | CVE-2022-40023 | | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. | network | low | sqlalchemy, debian | | 7.5 |
| 2022-09-06 | CVE-2022-3134 | Use After Free vulnerability in multiple products | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | local | low | vim, debian | CWE-416 | 7.8 |