Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2021-28544 Information Exposure vulnerability in multiple products
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.
network
low complexity
apache debian fedoraproject apple CWE-200
4.3
2022-04-06 CVE-2022-26110 An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0.
network
low complexity
wisc debian
6.5
2022-04-05 CVE-2022-26356 Improper Locking vulnerability in multiple products
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls.
local
high complexity
xen debian fedoraproject CWE-667
5.6
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
2022-04-02 CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
local
low complexity
linux debian
5.5
2022-03-30 CVE-2022-28202 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki fedoraproject debian CWE-79
6.1
2022-03-29 CVE-2022-1122 Improper Initialization vulnerability in multiple products
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files.
local
low complexity
uclouvain fedoraproject debian CWE-665
5.5
2022-03-28 CVE-2022-26291 Use After Free vulnerability in multiple products
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist().
local
low complexity
long-range-zip-project debian CWE-416
5.5
2022-03-25 CVE-2021-3582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu debian CWE-119
6.5