Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-02 CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
local
low complexity
linux debian
5.5
5.5
2022-03-30 CVE-2022-28202 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki fedoraproject debian CWE-79
6.1
6.1
2022-03-29 CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files.
local
low complexity
uclouvain fedoraproject debian
5.5
5.5
2022-03-28 CVE-2022-26291 Use After Free vulnerability in multiple products
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist().
local
low complexity
long-range-zip-project debian CWE-416
5.5
5.5
2022-03-25 CVE-2021-3582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu debian CWE-119
6.5
6.5
2022-03-25 CVE-2021-3933 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2022-03-25 CVE-2021-3941 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value.
local
low complexity
openexr redhat fedoraproject debian
6.5
6.5
2022-03-25 CVE-2022-0494 Use of Uninitialized Resource vulnerability in multiple products
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel.
local
low complexity
linux debian CWE-908
4.4
4.4
2022-03-24 CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. 5.9
5.9
2022-03-23 CVE-2021-4149 Improper Locking vulnerability in multiple products
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs.
local
low complexity
linux debian CWE-667
5.5
5.5