Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2022-29221 Code Injection vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-94
8.8
8.8
2022-05-19 CVE-2022-1785 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
local
low complexity
vim debian CWE-787
7.8
7.8
2022-05-18 CVE-2022-1734 Use After Free vulnerability in multiple products
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
local
high complexity
linux debian netapp CWE-416
7.0
7.0
2022-05-17 CVE-2022-30688 needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation.
local
low complexity
needrestart-project debian
7.8
7.8
2022-05-17 CVE-2022-29581 Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root.
local
low complexity
linux debian canonical netapp
7.8
7.8
2022-05-16 CVE-2022-1679 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages.
local
low complexity
linux debian netapp CWE-416
7.8
7.8
2022-05-12 CVE-2022-29885 Resource Exhaustion vulnerability in multiple products
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network.
network
low complexity
apache debian oracle CWE-400
7.5
7.5
2022-05-12 CVE-2022-30594 Missing Authorization vulnerability in multiple products
The Linux kernel before 5.17.2 mishandles seccomp permissions.
local
low complexity
linux debian netapp CWE-862
7.8
7.8
2022-05-10 CVE-2022-1621 Heap-based Buffer Overflow vulnerability in multiple products
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919.
local
low complexity
vim debian fedoraproject apple CWE-122
7.8
7.8
2022-05-09 CVE-2022-28739 Out-of-bounds Read vulnerability in multiple products
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
network
low complexity
ruby-lang debian apple CWE-125
7.5
7.5