Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2021-45341 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
network
low complexity
librecad fedoraproject debian CWE-120
8.8
2022-01-21 CVE-2022-23837 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph.
network
low complexity
contribsys debian CWE-770
7.5
2022-01-20 CVE-2021-45417 Out-of-bounds Write vulnerability in multiple products
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
7.8
2022-01-19 CVE-2022-21699 IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language.
local
low complexity
ipython debian fedoraproject
8.8
2022-01-18 CVE-2021-4083 Race Condition vulnerability in multiple products
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition.
local
high complexity
linux netapp debian oracle CWE-362
7.0
2022-01-18 CVE-2022-0261 Out-of-bounds Write vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim debian apple CWE-787
7.8
2022-01-15 CVE-2022-23094 NULL Pointer Dereference vulnerability in multiple products
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists.
network
low complexity
libreswan fedoraproject debian CWE-476
7.5
2022-01-14 CVE-2022-23222 NULL Pointer Dereference vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
local
low complexity
linux debian netapp fedoraproject CWE-476
7.8
2022-01-14 CVE-2022-20698 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian canonical CWE-125
7.5
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6