Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-16 CVE-2022-40149 Out-of-bounds Write vulnerability in multiple products
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
jettison-project debian CWE-787
7.5
2022-09-16 CVE-2022-40150 Uncontrolled Recursion vulnerability in multiple products
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
jettison-project debian CWE-674
7.5
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
high complexity
libexpat-project debian fedoraproject CWE-416
8.1
2022-09-12 CVE-2022-37797 NULL Pointer Dereference vulnerability in multiple products
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.
network
low complexity
lighttpd debian CWE-476
7.5
2022-09-07 CVE-2022-40023 Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse.
network
low complexity
sqlalchemy debian
7.5
2022-09-06 CVE-2022-3134 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
local
low complexity
vim debian CWE-416
7.8
2022-09-06 CVE-2022-2735 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in the PCS project.
local
low complexity
clusterlabs debian CWE-276
7.8
2022-09-05 CVE-2022-3008 Command Injection vulnerability in multiple products
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file.
network
low complexity
tinygltf-project debian CWE-77
8.8
2022-09-03 CVE-2022-3099 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
local
low complexity
vim fedoraproject debian CWE-416
7.8
2022-09-02 CVE-2020-29260 Resource Exhaustion vulnerability in multiple products
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
network
low complexity
libvncserver-project debian CWE-400
7.5