Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2020-35511 Buffer Over-read vulnerability in multiple products
A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted PNG file.
local
low complexity
libpng debian CWE-126
7.8
2022-08-23 CVE-2022-31676 Improper Privilege Management vulnerability in multiple products
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.
local
low complexity
vmware debian fedoraproject netapp CWE-269
7.8
2022-08-23 CVE-2022-2946 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
local
low complexity
vim fedoraproject debian CWE-416
7.8
2022-08-23 CVE-2021-20298 Out-of-bounds Write vulnerability in multiple products
A flaw was found in OpenEXR's B44Compressor.
network
low complexity
openexr debian CWE-787
7.5
2022-08-23 CVE-2021-23177 Link Following vulnerability in multiple products
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
7.8
2022-08-23 CVE-2021-31566 Link Following vulnerability in multiple products
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8
2022-08-19 CVE-2020-27792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file.
local
low complexity
artifex debian CWE-119
7.1
2022-08-15 CVE-2020-21365 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted HTML file running with the default configurations.
network
low complexity
wkhtmltopdf debian CWE-22
7.5
2022-08-10 CVE-2021-37150 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.
network
low complexity
apache debian fedoraproject CWE-20
7.5
2022-08-10 CVE-2022-25763 HTTP Request Smuggling vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to carry out request smuggling or cache poisoning attacks.
network
low complexity
apache debian fedoraproject CWE-444
7.5