Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-05 CVE-2021-43008 Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
network
low complexity
adminer debian
7.5
2022-04-04 CVE-2022-24801 HTTP Request Smuggling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
high complexity
twistedmatrix debian fedoraproject oracle CWE-444
8.1
2022-04-04 CVE-2022-24785 Path Traversal: 'dir/../../filename' vulnerability in multiple products
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
7.5
2022-04-03 CVE-2022-28390 Double Free vulnerability in multiple products
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
7.8
2022-03-30 CVE-2022-24790 HTTP Request Smuggling vulnerability in multiple products
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications.
network
low complexity
puma debian fedoraproject CWE-444
7.5
2022-03-30 CVE-2022-24763 Infinite Loop vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in the C language.
network
low complexity
pjsip debian CWE-835
7.5
2022-03-30 CVE-2022-1154 Use After Free vulnerability in multiple products
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
local
low complexity
vim fedoraproject debian oracle CWE-416
7.8
2022-03-25 CVE-2022-1049 Improper Authentication vulnerability in multiple products
A flaw was found in the Pacemaker configuration tool (pcs).
network
low complexity
clusterlabs debian CWE-287
8.8
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5