Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2019-9972 Command Injection vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
network
low complexity
3cx debian CWE-77
8.8
2022-06-02 CVE-2022-32250 Use After Free vulnerability in multiple products
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
local
low complexity
linux fedoraproject debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1419 Use After Free vulnerability in multiple products
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
local
low complexity
linux debian CWE-416
7.8
2022-06-02 CVE-2022-1652 Use After Free vulnerability in multiple products
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.
local
low complexity
linux redhat debian netapp CWE-416
7.8
2022-06-02 CVE-2022-1968 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-416
7.8
2022-06-02 CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
network
low complexity
haxx debian netapp brocade splunk
7.5
2022-06-02 CVE-2022-27781 Infinite Loop vulnerability in multiple products
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
network
low complexity
haxx debian netapp splunk CWE-835
7.5
2022-06-02 CVE-2022-27782 Improper Certificate Validation vulnerability in multiple products
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.
network
low complexity
haxx debian splunk CWE-295
7.5
2022-05-31 CVE-2022-31001 Out-of-bounds Read vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-125
7.5
2022-05-31 CVE-2022-31002 Out-of-bounds Read vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-125
7.5