Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-2056 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2057 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2058 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
2022-06-30 CVE-2022-2078 Stack-based Buffer Overflow vulnerability in multiple products
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
local
low complexity
linux redhat debian CWE-121
5.5
2022-06-27 CVE-2022-31081 HTTP Request Smuggling vulnerability in multiple products
HTTP::Daemon is a simple http server class written in perl.
network
low complexity
http debian CWE-444
6.5
2022-06-27 CVE-2022-31085 Insufficiently Protected Credentials vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-522
6.1
2022-06-27 CVE-2022-31086 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
6.0
2022-06-27 CVE-2022-31088 Injection vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-74
5.0
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5