Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-15 CVE-2018-25047 Cross-site Scripting vulnerability in multiple products
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS.
network
low complexity
smarty debian CWE-79
5.4
2022-09-09 CVE-2022-38266 Divide By Zero vulnerability in multiple products
An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.
network
low complexity
tesseract-project leptonica debian CWE-369
6.5
2022-09-09 CVE-2022-2905 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map.
local
low complexity
linux redhat debian CWE-125
5.5
2022-09-09 CVE-2022-36280 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'.
local
low complexity
linux debian CWE-787
5.5
2022-09-09 CVE-2022-3169 Improper Input Validation vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux fedoraproject debian CWE-20
5.5
2022-09-09 CVE-2022-40307 Race Condition vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.19.8.
local
high complexity
linux debian CWE-362
4.7
2022-09-05 CVE-2022-38749 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project debian CWE-787
6.5
2022-09-05 CVE-2022-38750 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
local
low complexity
snakeyaml-project debian CWE-787
5.5
2022-09-05 CVE-2022-38751 Out-of-bounds Write vulnerability in multiple products
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
snakeyaml-project debian CWE-787
6.5
2022-09-05 CVE-2022-39842 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.19.
local
low complexity
linux debian CWE-190
6.1