Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-29900 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 |
2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
2022-07-08 | CVE-2022-35410 | Path Traversal vulnerability in multiple products mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. | 5.0 |
2022-07-07 | CVE-2022-32205 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. | 4.3 |
2022-07-07 | CVE-2022-32206 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. | 6.5 |
2022-07-07 | CVE-2022-32208 | Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. | 5.9 |
2022-07-06 | CVE-2022-2318 | Use After Free vulnerability in multiple products There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | 5.5 |
2022-07-05 | CVE-2022-33744 | Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. | 4.7 |
2022-07-05 | CVE-2022-2097 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. | 5.3 |
2022-07-01 | CVE-2022-34903 | Injection vulnerability in multiple products GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 6.5 |