Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2021-3933 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
local
low complexity
openexr fedoraproject debian CWE-190
5.5
2022-03-25 CVE-2021-3941 Divide By Zero vulnerability in multiple products
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value.
local
low complexity
openexr redhat fedoraproject debian CWE-369
6.5
2022-03-25 CVE-2022-0494 Use of Uninitialized Resource vulnerability in multiple products
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel.
local
low complexity
linux debian CWE-908
4.4
2022-03-24 CVE-2022-24769 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Moby is an open-source project created by Docker to enable and accelerate software containerization.
5.9
2022-03-23 CVE-2021-4149 Improper Locking vulnerability in multiple products
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs.
local
low complexity
linux debian CWE-667
5.5
2022-03-23 CVE-2022-0854 Memory Leak vulnerability in multiple products
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
local
low complexity
linux debian CWE-401
5.5
2022-03-17 CVE-2022-24302 Race Condition vulnerability in multiple products
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
network
high complexity
paramiko debian fedoraproject CWE-362
5.9
2022-03-17 CVE-2022-24761 HTTP Request Smuggling vulnerability in multiple products
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
network
low complexity
agendaless debian CWE-444
5.0
2022-03-16 CVE-2021-20257 Infinite Loop vulnerability in multiple products
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU.
local
low complexity
qemu fedoraproject redhat debian CWE-835
6.5
2022-03-13 CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB.
local
high complexity
xen arm debian
5.6