Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2021-3582	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. local low complexity qemu debian CWE-119	6.5
2022-03-25	CVE-2021-3933	An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. local low complexity openexr fedoraproject debian	5.5
2022-03-25	CVE-2021-3941	In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. local low complexity openexr redhat fedoraproject debian	6.5
2022-03-25	CVE-2022-0494	Use of Uninitialized Resource vulnerability in multiple products A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. local low complexity linux debian CWE-908	4.4
2022-03-25	CVE-2022-1049	A flaw was found in the Pacemaker configuration tool (pcs). network low complexity clusterlabs debian	8.8
2022-03-25	CVE-2018-25032	Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. network low complexity zlib debian fedoraproject apple python mariadb netapp siemens azul goto CWE-787	7.5
2022-03-24	CVE-2022-24769	Moby is an open-source project created by Docker to enable and accelerate software containerization. local low complexity mobyproject fedoraproject linuxfoundation debian	5.9
2022-03-24	CVE-2021-43666	A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. network low complexity arm debian	7.5
2022-03-23	CVE-2021-3618	ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. network high complexity f5 sendmail vsftpd-project fedoraproject debian	7.4
2022-03-23	CVE-2021-3748	Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the virtio-net device of QEMU. local high complexity qemu debian canonical fedoraproject redhat CWE-416	7.5