Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-27776 | Insufficiently Protected Credentials vulnerability in multiple products A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | 6.5 |
| 2022-05-26 | CVE-2022-26691 | Incorrect Comparison vulnerability in multiple products A logic issue was addressed with improved state management. | 6.7 |
| 2022-05-26 | CVE-2022-22577 | Cross-site Scripting vulnerability in multiple products An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | 6.1 |
| 2022-05-26 | CVE-2022-27777 | Cross-site Scripting vulnerability in multiple products A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | 6.1 |
| 2022-05-26 | CVE-2022-30783 | Unchecked Return Value vulnerability in multiple products An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
| 2022-05-26 | CVE-2022-30785 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
| 2022-05-26 | CVE-2022-30787 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
| 2022-05-18 | CVE-2022-30974 | Uncontrolled Recursion vulnerability in multiple products compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. | 5.5 |
| 2022-05-18 | CVE-2022-30975 | NULL Pointer Dereference vulnerability in multiple products In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. | 5.5 |
| 2022-05-12 | CVE-2022-21151 | Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |