Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows.
network
low complexity
linuxfoundation debian fedoraproject
7.5
2022-03-02 CVE-2022-0711 Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy redhat debian CWE-835
7.5
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
2022-02-24 CVE-2022-0545 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded.
local
low complexity
blender debian CWE-190
7.8
2022-02-24 CVE-2022-0546 Integer Overflow or Wraparound vulnerability in multiple products
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
local
low complexity
blender fedoraproject debian CWE-190
7.8
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2022-02-24 CVE-2019-25058 Incorrect Authorization vulnerability in multiple products
An issue was discovered in USBGuard before 1.1.0.
7.8
2022-02-24 CVE-2022-24407 SQL Injection vulnerability in multiple products
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
8.8
2022-02-24 CVE-2022-25636 Improper Privilege Management vulnerability in multiple products
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write.
local
low complexity
linux debian netapp oracle CWE-269
7.8
2022-02-23 CVE-2022-0729 Use of Out-of-range Pointer Offset vulnerability in multiple products
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
network
low complexity
vim fedoraproject debian apple CWE-823
8.8