Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2021-31566 Link Following vulnerability in multiple products
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8
2022-08-19 CVE-2020-27792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file.
local
low complexity
artifex debian CWE-119
7.1
2022-08-15 CVE-2020-21365 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
network
low complexity
wkhtmltopdf debian CWE-22
7.5
2022-08-10 CVE-2021-37150 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.
network
low complexity
apache debian fedoraproject CWE-20
7.5
2022-08-10 CVE-2022-25763 HTTP Request Smuggling vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.
network
low complexity
apache debian fedoraproject CWE-444
7.5
2022-08-10 CVE-2022-28129 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.
network
low complexity
apache debian fedoraproject CWE-20
7.5
2022-08-10 CVE-2022-31778 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-20
7.5
2022-08-10 CVE-2022-31779 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject CWE-20
7.5
2022-08-10 CVE-2022-31780 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject CWE-20
7.5
2022-08-03 CVE-2022-31197 SQL Injection vulnerability in multiple products
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code.
network
low complexity
postgresql debian fedoraproject CWE-89
8.0