Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-17 CVE-2022-24302 Race Condition vulnerability in multiple products
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
network
high complexity
paramiko debian fedoraproject CWE-362
5.9
5.9
2022-03-16 CVE-2021-20257 An infinite loop flaw was found in the e1000 NIC emulator of the QEMU.
local
low complexity
qemu fedoraproject redhat debian
6.5
6.5
2022-03-13 CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB.
local
high complexity
xen arm debian
5.6
5.6
2022-03-12 CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12.
local
low complexity
linux netapp debian
5.5
5.5
2022-03-11 CVE-2022-0907 Unchecked Return Value vulnerability in multiple products
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-252
5.5
5.5
2022-03-11 CVE-2022-0908 NULL Pointer Dereference vulnerability in multiple products
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
local
low complexity
libtiff debian fedoraproject netapp CWE-476
5.5
5.5
2022-03-11 CVE-2022-0909 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-369
5.5
5.5
2022-03-11 CVE-2022-0924 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-125
5.5
5.5
2022-03-11 CVE-2022-26874 Cross-site Scripting vulnerability in multiple products
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition.
network
low complexity
horde debian CWE-79
5.4
5.4
2022-03-10 CVE-2022-26847 Information Exposure vulnerability in multiple products
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
network
low complexity
spip debian CWE-200
5.3
5.3