High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-19	CVE-2022-1924	Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using lzo decompression. local low complexity gstreamer-project debian CWE-190	7.8
2022-07-19	CVE-2022-1925	Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. local low complexity gstreamer-project debian CWE-190	7.8
2022-07-19	CVE-2022-2122	Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in qtdemux using zlib decompression. local low complexity gstreamer-project debian CWE-190	7.8
2022-07-19	CVE-2022-34169	Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. network low complexity apache debian oracle fedoraproject netapp azul CWE-681	7.5
2022-07-19	CVE-2022-2469	Out-of-bounds Read vulnerability in multiple products GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client network low complexity gnu debian CWE-125	8.1
2022-07-18	CVE-2020-16093	Improper Certificate Validation vulnerability in multiple products In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. network low complexity lemonldap-ng debian CWE-295	7.5
2022-07-17	CVE-2022-30550	Improper Authentication vulnerability in multiple products An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. network low complexity dovecot debian CWE-287	8.8
2022-07-14	CVE-2022-32212	OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. network high complexity nodejs debian fedoraproject siemens CWE-78	8.1
2022-07-12	CVE-2022-29187	Improper Ownership Management vulnerability in multiple products Git is a distributed revision control system. local low complexity git-scm fedoraproject apple debian CWE-282	7.8
2022-07-11	CVE-2022-35414	Use of Uninitialized Resource vulnerability in multiple products softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. local low complexity qemu debian CWE-908	8.8