Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6
8.6
2022-01-12 CVE-2021-44648 Out-of-bounds Write vulnerability in multiple products
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
network
low complexity
gnome fedoraproject debian CWE-787
8.8
8.8
2022-01-10 CVE-2021-36409 Reachable Assertion vulnerability in multiple products
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
local
low complexity
struktur debian CWE-617
7.8
7.8
2022-01-10 CVE-2021-21408 Improper Input Validation vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-20
8.8
8.8
2022-01-10 CVE-2021-29454 Injection vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-74
8.8
8.8
2022-01-10 CVE-2022-22825 Integer Overflow or Wraparound vulnerability in multiple products
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-10 CVE-2022-22826 Integer Overflow or Wraparound vulnerability in multiple products
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-10 CVE-2022-22827 Integer Overflow or Wraparound vulnerability in multiple products
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-06 CVE-2022-21661 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress fedoraproject debian CWE-89
7.5
7.5
2022-01-06 CVE-2022-21663 Deserialization of Untrusted Data vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-502
7.2
7.2