Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-03-06 CVE-2022-26505 Authentication Bypass by Spoofing vulnerability in multiple products
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
network
low complexity
readymedia-project debian CWE-290
7.4
7.4
2022-03-06 CVE-2022-26495 Integer Overflow or Wraparound vulnerability in multiple products
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-190
critical
 9.8
9.8
2022-03-06 CVE-2022-26496 Out-of-bounds Write vulnerability in multiple products
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-787
critical
 9.8
9.8
2022-03-06 CVE-2022-26490 Classic Buffer Overflow vulnerability in multiple products
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
local
low complexity
linux fedoraproject netapp debian CWE-120
7.8
7.8
2022-03-05 CVE-2022-24921 Uncontrolled Recursion vulnerability in multiple products
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
network
low complexity
golang netapp debian CWE-674
7.5
7.5
2022-03-04 CVE-2021-20300 A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp.
local
low complexity
openexr debian
5.5
5.5
2022-03-04 CVE-2021-20302 A flaw was found in OpenEXR's TiledInputFile functionality.
local
low complexity
openexr debian
5.5
5.5
2022-03-04 CVE-2021-20303 A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp.
local
low complexity
openexr debian
6.1
6.1
2022-03-04 CVE-2021-3744 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
local
low complexity
linux fedoraproject debian redhat oracle
5.5
5.5
2022-03-03 CVE-2021-3640 A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page.
local
high complexity
linux debian fedoraproject canonical netapp
7.0
7.0