Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-1720 Buffer Over-read vulnerability in multiple products
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956.
local
low complexity
vim debian fedoraproject apple CWE-126
7.8
7.8
2022-06-19 CVE-2022-2129 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject debian CWE-787
7.8
7.8
2022-06-19 CVE-2022-2126 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple CWE-125
7.8
7.8
2022-06-19 CVE-2022-2124 Buffer Over-read vulnerability in multiple products
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian fedoraproject apple CWE-126
7.8
7.8
2022-06-16 CVE-2022-31291 Double Free vulnerability in multiple products
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.
network
low complexity
genivi debian CWE-415
7.5
7.5
2022-06-16 CVE-2022-31625 Release of Invalid Pointer or Reference vulnerability in multiple products
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers.
network
high complexity
php debian CWE-763
8.1
8.1
2022-06-16 CVE-2022-31626 Classic Buffer Overflow vulnerability in multiple products
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
network
low complexity
php debian CWE-120
8.8
8.8
2022-06-10 CVE-2022-31042 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Guzzle is an open source PHP HTTP client.
network
low complexity
guzzlephp drupal debian CWE-212
7.5
7.5
2022-06-10 CVE-2022-31043 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Guzzle is an open source PHP HTTP client.
network
low complexity
guzzlephp drupal debian CWE-212
7.5
7.5
2022-06-09 CVE-2022-2000 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject apple debian CWE-787
7.8
7.8