Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-4002 Memory Leak vulnerability in multiple products
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages.
local
low complexity
linux debian fedoraproject oracle CWE-401
4.4
2022-03-02 CVE-2021-3772 A flaw was found in the Linux SCTP stack.
network
high complexity
linux redhat debian oracle netapp
6.5
2022-03-02 CVE-2022-0577 Incorrect Authorization vulnerability in multiple products
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
network
low complexity
scrapy debian CWE-863
6.5
2022-02-24 CVE-2021-3596 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c.
network
low complexity
imagemagick redhat fedoraproject debian CWE-476
6.5
2022-02-24 CVE-2021-3607 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0.
local
low complexity
qemu debian fedoraproject CWE-190
6.0
2022-02-24 CVE-2021-3608 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0.
local
low complexity
qemu debian fedoraproject CWE-824
6.0
2022-02-24 CVE-2021-3700 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c.
6.4
2022-02-24 CVE-2021-44532 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format.
network
low complexity
nodejs oracle debian CWE-295
5.3
2022-02-24 CVE-2021-44533 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly.
network
low complexity
nodejs oracle debian CWE-295
5.3
2022-02-24 CVE-2022-0544 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.
local
low complexity
blender debian CWE-191
5.5