Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-31081 HTTP Request Smuggling vulnerability in multiple products
HTTP::Daemon is a simple http server class written in perl.
network
low complexity
http debian CWE-444
6.5
2022-06-27 CVE-2022-31085 Insufficiently Protected Credentials vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-522
6.1
2022-06-27 CVE-2022-31088 Injection vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-74
5.3
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21125 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
2022-06-15 CVE-2022-21127 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen intel debian CWE-459
5.5
2022-06-09 CVE-2022-21499 Out-of-bounds Write vulnerability in multiple products
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
local
low complexity
oracle debian CWE-787
6.7
2022-06-09 CVE-2022-26362 Race Condition vulnerability in multiple products
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.
local
high complexity
xen fedoraproject debian CWE-362
6.4