Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-33745 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.
local
low complexity
xen debian fedoraproject
8.8
2022-07-25 CVE-2022-26306 Use of Insufficiently Random Values vulnerability in multiple products
LibreOffice supports the storage of passwords for web connections in the user’s configuration database.
network
low complexity
libreoffice debian CWE-330
7.5
2022-07-25 CVE-2022-26307 LibreOffice supports the storage of passwords for web connections in the user’s configuration database.
network
low complexity
libreoffice debian
8.8
2022-07-24 CVE-2021-46829 Integer Overflow or Wraparound vulnerability in multiple products
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.
local
low complexity
gnome fedoraproject debian CWE-190
7.8
2022-07-22 CVE-2022-31163 Relative Path Traversal vulnerability in multiple products
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules.
network
high complexity
tzinfo-project debian CWE-23
8.1
2022-07-20 CVE-2021-46828 Infinite Loop vulnerability in multiple products
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled.
network
low complexity
libtirpc-project debian CWE-835
7.5
2022-07-19 CVE-2022-1920 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1921 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1922 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using zlib decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1923 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using bzip decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8