Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-16 CVE-2021-20257 Infinite Loop vulnerability in multiple products
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU.
local
low complexity
qemu fedoraproject redhat debian CWE-835
6.5
6.5
2022-03-13 CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB.
local
high complexity
xen arm debian
5.6
5.6
2022-03-12 CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12.
local
low complexity
linux netapp debian
5.5
5.5
2022-03-11 CVE-2022-0907 Unchecked Return Value vulnerability in multiple products
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-252
5.5
5.5
2022-03-11 CVE-2022-0908 NULL Pointer Dereference vulnerability in multiple products
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
local
low complexity
libtiff debian fedoraproject netapp CWE-476
5.5
5.5
2022-03-11 CVE-2022-0909 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-369
5.5
5.5
2022-03-11 CVE-2022-0924 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff debian fedoraproject netapp CWE-125
5.5
5.5
2022-03-11 CVE-2022-26874 Cross-site Scripting vulnerability in multiple products
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition.
network
low complexity
horde debian CWE-79
5.4
5.4
2022-03-10 CVE-2022-26847 Information Exposure vulnerability in multiple products
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
network
low complexity
spip debian CWE-200
5.3
5.3
2022-03-10 CVE-2022-26661 XXE vulnerability in multiple products
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-611
6.5
6.5