Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-08 CVE-2022-3435 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian CWE-119
4.3
2022-10-07 CVE-2022-2928 NULL Pointer Dereference vulnerability in multiple products
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field.
low complexity
isc debian fedoraproject CWE-476
6.5
2022-10-07 CVE-2022-2929 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
low complexity
isc debian fedoraproject CWE-770
6.5
2022-09-30 CVE-2022-41849 Use After Free vulnerability in multiple products
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
high complexity
linux debian CWE-416
4.2
2022-09-30 CVE-2022-41850 Use After Free vulnerability in multiple products
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
local
high complexity
linux debian CWE-416
4.7
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
2022-09-28 CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
network
low complexity
php fedoraproject debian
6.5
2022-09-27 CVE-2022-3303 Improper Locking vulnerability in multiple products
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking.
local
high complexity
linux debian CWE-667
4.7
2022-09-26 CVE-2022-3201 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-20
5.4
2022-09-22 CVE-2022-38398 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol.
network
low complexity
apache debian CWE-918
5.3