Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-06	CVE-2022-22707	Out-of-bounds Write vulnerability in multiple products In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. network high complexity lighttpd debian CWE-787	5.9
2022-01-06	CVE-2021-46144	Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. network low complexity roundcube debian CWE-79	6.1
2022-01-06	CVE-2021-46141	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2022-01-06	CVE-2021-46142	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2022-01-05	CVE-2021-28711	Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". local low complexity xen debian	6.5
2022-01-05	CVE-2021-28712	Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". local low complexity xen debian	6.5
2022-01-05	CVE-2021-28713	Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". local low complexity xen debian	6.5
2022-01-04	CVE-2021-41141	PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. network low complexity teluu debian	7.5
2022-01-04	CVE-2021-3842	nltk is vulnerable to Inefficient Regular Expression Complexity network low complexity nltk debian fedoraproject	7.5
2022-01-01	CVE-2021-45972	Improper Validation of Specified Quantity in Input vulnerability in multiple products The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. local low complexity giftrans-project debian CWE-1284	7.1