Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
2022-09-28 CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
network
low complexity
php fedoraproject debian
6.5
2022-09-27 CVE-2022-3303 Improper Locking vulnerability in multiple products
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking.
local
high complexity
linux debian CWE-667
4.7
2022-09-26 CVE-2022-3201 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-20
5.4
2022-09-22 CVE-2022-38398 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol.
network
low complexity
apache debian CWE-918
5.3
2022-09-22 CVE-2022-38648 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.
network
low complexity
apache debian CWE-918
5.3
2022-09-21 CVE-2022-2795
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
network
low complexity
isc debian fedoraproject
5.3
2022-09-21 CVE-2022-41218 Use After Free vulnerability in multiple products
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
local
low complexity
linux debian CWE-416
5.5
2022-09-19 CVE-2022-28201 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
local
low complexity
mediawiki debian CWE-674
4.4
2022-09-18 CVE-2022-40768 Use of Uninitialized Resource vulnerability in multiple products
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
local
low complexity
linux fedoraproject debian CWE-908
5.5