Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2021-43579 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
local
low complexity
htmldoc-project debian CWE-787
7.8
2022-01-06 CVE-2022-21661 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress fedoraproject debian CWE-89
7.5
2022-01-06 CVE-2022-21662 Cross-site Scripting vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian CWE-79
5.4
2022-01-06 CVE-2022-21663 Deserialization of Untrusted Data vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-502
7.2
2022-01-06 CVE-2022-21664 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-89
8.8
2022-01-06 CVE-2021-28714 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them.
local
low complexity
linux debian CWE-770
6.5
2022-01-06 CVE-2021-28715 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them.
local
low complexity
linux debian CWE-770
6.5
2022-01-06 CVE-2022-22707 Out-of-bounds Write vulnerability in multiple products
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration.
network
high complexity
lighttpd debian CWE-787
5.9
2022-01-06 CVE-2021-46144 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
network
low complexity
roundcube debian CWE-79
6.1
2022-01-06 CVE-2021-46141 Use After Free vulnerability in multiple products
An issue was discovered in uriparser before 0.9.6.
5.5