Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
7.5
2022-03-03 CVE-2022-0492 Missing Authorization vulnerability in multiple products
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function.
7.8
2022-03-03 CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows.
network
low complexity
linuxfoundation debian fedoraproject
7.5
2022-03-02 CVE-2022-0711 Infinite Loop vulnerability in multiple products
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header.
network
low complexity
haproxy redhat debian CWE-835
7.5
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
2022-02-24 CVE-2022-0545 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded.
local
low complexity
blender debian CWE-190
7.8
2022-02-24 CVE-2022-0546 Integer Overflow or Wraparound vulnerability in multiple products
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
local
low complexity
blender fedoraproject debian CWE-190
7.8
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
2022-02-24 CVE-2019-25058 Incorrect Authorization vulnerability in multiple products
An issue was discovered in USBGuard before 1.1.0.
7.8
2022-02-24 CVE-2022-24407 SQL Injection vulnerability in multiple products
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
8.8