Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2021-46828 Infinite Loop vulnerability in multiple products
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled.
network
low complexity
libtirpc-project debian CWE-835
7.5
2022-07-19 CVE-2022-1920 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1921 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1922 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using zlib decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1923 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using bzip decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1924 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using lzo decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1925 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-2122 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in qtdemux using zlib decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-19 CVE-2022-2469 Out-of-bounds Read vulnerability in multiple products
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
network
low complexity
gnu debian CWE-125
8.1