Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-03 CVE-2022-32293 Use After Free vulnerability in multiple products
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
network
high complexity
intel debian CWE-416
8.1
2022-08-03 CVE-2022-36359 Download of Code Without Integrity Check vulnerability in multiple products
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.
network
low complexity
djangoproject debian CWE-494
8.8
2022-08-01 CVE-2022-2509 Double Free vulnerability in multiple products
A vulnerability found in gnutls.
network
low complexity
gnu redhat fedoraproject debian CWE-415
7.5
2022-07-28 CVE-2022-30287 Unsafe Reflection vulnerability in multiple products
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class.
network
low complexity
horde debian CWE-470
8.0
2022-07-27 CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
network
low complexity
linux debian netapp
7.5
2022-07-26 CVE-2022-33745 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.
local
low complexity
xen debian fedoraproject
8.8
2022-07-25 CVE-2022-26306 Use of Insufficiently Random Values vulnerability in multiple products
LibreOffice supports the storage of passwords for web connections in the user’s configuration database.
network
low complexity
libreoffice debian CWE-330
7.5
2022-07-25 CVE-2022-26307 LibreOffice supports the storage of passwords for web connections in the user’s configuration database.
network
low complexity
libreoffice debian
8.8
2022-07-24 CVE-2021-46829 Integer Overflow or Wraparound vulnerability in multiple products
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.
local
low complexity
gnome fedoraproject debian CWE-190
7.8
2022-07-22 CVE-2022-31163 Relative Path Traversal vulnerability in multiple products
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules.
network
high complexity
tzinfo-project debian CWE-23
8.1