Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-1924 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using lzo decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-1925 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-2122 Integer Overflow or Wraparound vulnerability in multiple products
DOS / potential heap overwrite in qtdemux using zlib decompression.
local
low complexity
gstreamer-project debian CWE-190
7.8
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.
7.5
2022-07-19 CVE-2022-2469 Out-of-bounds Read vulnerability in multiple products
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
network
low complexity
gnu debian CWE-125
8.1
2022-07-18 CVE-2020-16093 Improper Certificate Validation vulnerability in multiple products
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
low complexity
lemonldap-ng debian CWE-295
7.5
2022-07-17 CVE-2022-30550 Improper Authentication vulnerability in multiple products
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20.
network
low complexity
dovecot debian CWE-287
8.8
2022-07-14 CVE-2022-32212 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
network
high complexity
nodejs debian fedoraproject siemens CWE-78
8.1
2022-07-12 CVE-2022-29187 Improper Ownership Management vulnerability in multiple products
Git is a distributed revision control system.
local
low complexity
git-scm fedoraproject apple debian CWE-282
7.8
2022-07-11 CVE-2022-35414 Use of Uninitialized Resource vulnerability in multiple products
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
local
low complexity
qemu debian CWE-908
8.8