Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-27 | CVE-2022-23181 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. | 7.0 |
2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
2022-01-26 | CVE-2022-0368 | Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-01-26 | CVE-2021-22600 | Double Free vulnerability in multiple products A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. | 7.0 |
2022-01-26 | CVE-2022-0361 | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-01-26 | CVE-2022-0359 | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-01-25 | CVE-2022-0351 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-01-25 | CVE-2022-23033 | Improper Resource Shutdown or Release vulnerability in multiple products arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. | 7.8 |
2022-01-25 | CVE-2021-45342 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 7.8 |
2022-01-25 | CVE-2021-45844 | OS Command Injection vulnerability in multiple products Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 7.8 |