Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-27 | CVE-2022-31081 | HTTP Request Smuggling vulnerability in multiple products HTTP::Daemon is a simple http server class written in perl. | 6.5 |
2022-06-27 | CVE-2022-31085 | Insufficiently Protected Credentials vulnerability in multiple products LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 6.1 |
2022-06-27 | CVE-2022-31088 | Injection vulnerability in multiple products LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 5.3 |
2022-06-24 | CVE-2022-32209 | Cross-site Scripting vulnerability in multiple products # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. | 6.1 |
2022-06-15 | CVE-2022-21166 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21123 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21125 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21127 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-09 | CVE-2022-21499 | Out-of-bounds Write vulnerability in multiple products KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. | 6.7 |
2022-06-09 | CVE-2022-26362 | Race Condition vulnerability in multiple products x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. | 6.4 |