Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2022-27777 Cross-site Scripting vulnerability in multiple products
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
network
low complexity
rubyonrails debian CWE-79
6.1
6.1
2022-05-26 CVE-2022-30783 Unchecked Return Value vulnerability in multiple products
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
local
low complexity
tuxera fedoraproject debian CWE-252
6.7
6.7
2022-05-26 CVE-2022-30785 A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
local
low complexity
tuxera fedoraproject debian
6.7
6.7
2022-05-26 CVE-2022-30787 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
local
low complexity
tuxera fedoraproject debian CWE-191
6.7
6.7
2022-05-18 CVE-2022-30974 Uncontrolled Recursion vulnerability in multiple products
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
local
low complexity
artifex debian fedoraproject CWE-674
5.5
5.5
2022-05-18 CVE-2022-30975 NULL Pointer Dereference vulnerability in multiple products
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
local
low complexity
artifex debian fedoraproject CWE-476
5.5
5.5
2022-05-12 CVE-2022-21151 Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp debian
5.5
5.5
2022-05-11 CVE-2022-1623 Out-of-bounds Read vulnerability in multiple products
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff fedoraproject netapp debian CWE-125
5.5
5.5
2022-05-09 CVE-2022-27114 Integer Overflow or Wraparound vulnerability in multiple products
There is a vulnerability in htmldoc 1.9.16.
local
low complexity
htmldoc-project debian CWE-190
5.5
5.5
2022-05-05 CVE-2022-27337 A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
low complexity
freedesktop fedoraproject debian
6.5
6.5