Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-18 CVE-2020-16093 Improper Certificate Validation vulnerability in multiple products
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
low complexity
lemonldap-ng debian CWE-295
7.5
2022-07-17 CVE-2022-30550 Improper Authentication vulnerability in multiple products
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20.
network
low complexity
dovecot debian CWE-287
8.8
2022-07-14 CVE-2022-32212 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
network
high complexity
nodejs debian fedoraproject siemens CWE-78
8.1
2022-07-12 CVE-2022-29187 Improper Ownership Management vulnerability in multiple products
Git is a distributed revision control system.
local
low complexity
git-scm fedoraproject apple debian CWE-282
7.8
2022-07-11 CVE-2022-35414 Use of Uninitialized Resource vulnerability in multiple products
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
local
low complexity
qemu debian CWE-908
8.8
2022-07-08 CVE-2022-35410 Path Traversal vulnerability in multiple products
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process.
network
low complexity
0xacab debian CWE-22
7.5
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
2022-07-06 CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
network
low complexity
momentjs fedoraproject debian
7.5
2022-07-05 CVE-2022-26365 Memory Leak vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
linux xen debian fedoraproject CWE-401
7.1
2022-07-05 CVE-2022-2304 Stack-based Buffer Overflow vulnerability in multiple products
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject debian CWE-121
7.8