Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-23519 Cross-site Scripting vulnerability in multiple products
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian CWE-79
6.1
2022-12-14 CVE-2022-23515 Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
network
low complexity
loofah-project debian
6.1
2022-12-13 CVE-2022-41915 Netty project is an event-driven asynchronous network application framework.
network
low complexity
netty debian
6.5
2022-12-07 CVE-2022-3643 Injection vulnerability in multiple products
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets.
local
low complexity
linux debian CWE-74
6.5
2022-12-07 CVE-2022-42328 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-12-07 CVE-2022-42329 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-12-05 CVE-2022-35256 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF.
network
low complexity
nodejs llhttp siemens debian CWE-444
6.5
2022-12-04 CVE-2022-46391 Cross-site Scripting vulnerability in multiple products
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
network
low complexity
awstats debian fedoraproject CWE-79
6.1
2022-12-03 CVE-2021-37533 Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default.
network
low complexity
apache debian
6.5
2022-11-30 CVE-2022-46338 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
network
low complexity
g810-led-project debian CWE-732
6.5