Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-43579 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | 6.8 |
| 2022-01-06 | CVE-2022-21662 | Cross-site Scripting vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 5.4 |
| 2022-01-06 | CVE-2021-28714 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. | 6.5 |
| 2022-01-06 | CVE-2021-28715 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. | 6.5 |
| 2022-01-06 | CVE-2022-22707 | Out-of-bounds Write vulnerability in multiple products In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. | 4.3 |
| 2022-01-06 | CVE-2021-46144 | Cross-site Scripting vulnerability in multiple products Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | 4.3 |
| 2022-01-06 | CVE-2021-46141 | Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. | 5.5 |
| 2022-01-06 | CVE-2021-46142 | Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. | 5.5 |
| 2022-01-04 | CVE-2021-3842 | nltk is vulnerable to Inefficient Regular Expression Complexity | 5.0 |
| 2022-01-01 | CVE-2021-44717 | Improper Resource Shutdown or Release vulnerability in multiple products Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | 4.8 |