Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-27 CVE-2022-23181 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using.
local
high complexity
apache oracle debian CWE-367
7.0
2022-01-26 CVE-2022-23990 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
2022-01-26 CVE-2022-0368 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-125
7.8
2022-01-26 CVE-2021-22600 Double Free vulnerability in multiple products
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service.
local
high complexity
linux debian netapp CWE-415
7.0
2022-01-26 CVE-2022-0361 Heap-based Buffer Overflow vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-122
7.8
2022-01-26 CVE-2022-0359 Heap-based Buffer Overflow vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-122
7.8
2022-01-25 CVE-2022-0351 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-119
7.8
2022-01-25 CVE-2022-23033 Improper Resource Shutdown or Release vulnerability in multiple products
arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set.
local
low complexity
xen fedoraproject debian CWE-404
7.8
2022-01-25 CVE-2021-45342 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
local
low complexity
librecad fedoraproject debian CWE-120
7.8
2022-01-25 CVE-2021-45844 OS Command Injection vulnerability in multiple products
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
local
low complexity
freecadweb debian CWE-78
7.8