Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 8.8 |
2022-03-10 | CVE-2022-26662 | XML Entity Expansion vulnerability in multiple products An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. | 7.5 |
2022-03-10 | CVE-2022-0204 | Integer Overflow or Wraparound vulnerability in multiple products A heap overflow vulnerability was found in bluez in versions prior to 5.63. | 8.8 |
2022-03-10 | CVE-2022-0516 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. | 7.8 |
2022-03-10 | CVE-2022-0891 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact | 7.1 |
2022-03-08 | CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. | 7.5 |
2022-03-06 | CVE-2022-26505 | Authentication Bypass by Spoofing vulnerability in multiple products A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | 7.4 |
2022-03-06 | CVE-2022-26490 | Classic Buffer Overflow vulnerability in multiple products st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | 7.8 |
2022-03-05 | CVE-2022-24921 | Uncontrolled Recursion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 |
2022-03-03 | CVE-2021-3640 | Race Condition vulnerability in multiple products A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. | 7.0 |