Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-21540 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
low complexity
oracle fedoraproject debian netapp azul
5.3
2022-07-19 CVE-2022-21541 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle fedoraproject debian netapp azul
5.9
2022-07-19 CVE-2022-21549 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
network
low complexity
oracle azul fedoraproject debian netapp
5.3
2022-07-18 CVE-2021-33655 Out-of-bounds Write vulnerability in multiple products
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
local
low complexity
linux debian CWE-787
6.7
2022-07-18 CVE-2021-33656 Out-of-bounds Write vulnerability in multiple products
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
low complexity
huawei linux debian CWE-787
6.8
2022-07-17 CVE-2021-46784 Reachable Assertion vulnerability in multiple products
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
network
low complexity
squid-cache debian CWE-617
6.5
2022-07-14 CVE-2022-23825 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
local
low complexity
debian fedoraproject amd vmware CWE-668
6.5
2022-07-14 CVE-2022-32213 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
6.5
2022-07-14 CVE-2022-32214 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests.
network
low complexity
llhttp nodejs debian stormshield CWE-444
6.5
2022-07-14 CVE-2022-32215 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers.
6.5