Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2022-26363 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
local
low complexity
xen fedoraproject debian
6.7
2022-06-09 CVE-2022-26364 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
local
low complexity
xen fedoraproject debian
6.7
2022-06-09 CVE-2022-31030 Resource Exhaustion vulnerability in multiple products
containerd is an open source container runtime.
5.5
2022-06-02 CVE-2022-1462 Race Condition vulnerability in multiple products
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem.
local
high complexity
linux redhat debian CWE-362
6.3
2022-06-02 CVE-2022-1789 NULL Pointer Dereference vulnerability in multiple products
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva.
6.8
2022-06-02 CVE-2022-26491 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Pidgin before 2.14.9.
network
high complexity
pidgin debian CWE-295
5.9
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7
2022-06-02 CVE-2022-27776 Insufficiently Protected Credentials vulnerability in multiple products
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5
2022-05-26 CVE-2022-26691 Incorrect Comparison vulnerability in multiple products
A logic issue was addressed with improved state management.
6.7
2022-05-26 CVE-2022-22577 Cross-site Scripting vulnerability in multiple products
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
network
low complexity
rubyonrails debian CWE-79
6.1