Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-2519 Double Free vulnerability in multiple products
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
network
low complexity
libtiff debian CWE-415
6.5
2022-08-31 CVE-2022-2520 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in libtiff 4.4.0rc1.
network
low complexity
libtiff debian CWE-131
6.5
2022-08-31 CVE-2022-2521 Release of Invalid Pointer or Reference vulnerability in multiple products
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
network
low complexity
libtiff debian CWE-763
6.5
2022-08-30 CVE-2021-46837 NULL Pointer Dereference vulnerability in multiple products
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.
network
low complexity
asterisk digium debian CWE-476
6.5
2022-08-29 CVE-2022-0718 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in python-oslo-utils.
network
low complexity
openstack redhat debian CWE-532
4.9
2022-08-29 CVE-2022-1184 Use After Free vulnerability in multiple products
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component.
local
low complexity
linux redhat debian canonical CWE-416
5.5
2022-08-29 CVE-2022-2953 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff netapp debian CWE-125
5.5
2022-08-27 CVE-2022-2787 Improper Preservation of Permissions vulnerability in Debian Linux and Schroot
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
network
low complexity
debian CWE-281
4.3
2022-08-26 CVE-2022-0171 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux redhat debian CWE-212
5.5
2022-08-26 CVE-2021-3669 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux ibm debian fedoraproject redhat CWE-770
5.5