Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-35414 Use of Uninitialized Resource vulnerability in multiple products
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
local
low complexity
qemu debian CWE-908
8.8
8.8
2022-07-08 CVE-2022-35410 Path Traversal vulnerability in multiple products
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process.
network
low complexity
0xacab debian CWE-22
7.5
7.5
2022-07-07 CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
network
low complexity
eclipse debian netapp jenkins
7.5
7.5
2022-07-06 CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
network
low complexity
momentjs fedoraproject debian
7.5
7.5
2022-07-05 CVE-2022-26365 Memory Leak vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
linux xen debian fedoraproject CWE-401
7.1
7.1
2022-07-05 CVE-2022-2304 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-07-05 CVE-2022-33740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-212
7.1
7.1
2022-07-05 CVE-2022-33741 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
7.1
2022-07-05 CVE-2022-33742 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
7.1
2022-07-05 CVE-2022-33743 network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
local
low complexity
xen linux debian
7.8
7.8