Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2022-2978 A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy.
local
low complexity
linux debian
7.8
7.8
2022-08-23 CVE-2020-35511 A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
local
low complexity
libpng debian
7.8
7.8
2022-08-23 CVE-2022-31676 Improper Privilege Management vulnerability in multiple products
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.
local
low complexity
vmware debian fedoraproject netapp CWE-269
7.8
7.8
2022-08-23 CVE-2022-2946 Use After Free in GitHub repository vim/vim prior to 9.0.0246.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-08-23 CVE-2021-20298 Out-of-bounds Write vulnerability in multiple products
A flaw was found in OpenEXR's B44Compressor.
network
low complexity
openexr debian CWE-787
7.5
7.5
2022-08-23 CVE-2021-23177 An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
local
low complexity
libarchive fedoraproject redhat debian
7.8
7.8
2022-08-23 CVE-2021-31566 An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. 7.8
7.8
2022-08-19 CVE-2020-27792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file.
local
low complexity
artifex debian CWE-119
7.1
7.1
2022-08-15 CVE-2020-21365 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
network
low complexity
wkhtmltopdf debian CWE-22
7.5
7.5
2022-08-10 CVE-2021-37150 Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.
network
low complexity
apache debian fedoraproject
7.5
7.5