Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2021-20303 Integer Overflow or Wraparound vulnerability in multiple products
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp.
local
low complexity
openexr debian CWE-190
6.1
2022-03-04 CVE-2021-3744 Memory Leak vulnerability in multiple products
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
5.5
2022-03-03 CVE-2021-4002 Memory Leak vulnerability in multiple products
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages.
local
low complexity
linux debian fedoraproject oracle CWE-401
4.4
2022-03-02 CVE-2021-3772 Improper Validation of Integrity Check Value vulnerability in multiple products
A flaw was found in the Linux SCTP stack.
network
high complexity
linux redhat debian oracle netapp CWE-354
6.5
2022-03-02 CVE-2022-0577 Incorrect Authorization vulnerability in multiple products
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
network
low complexity
scrapy debian CWE-863
4.0
2022-02-24 CVE-2021-3596 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c.
network
low complexity
imagemagick redhat fedoraproject debian CWE-476
6.5
2022-02-24 CVE-2021-3607 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0.
local
low complexity
qemu debian fedoraproject CWE-190
6.0
2022-02-24 CVE-2021-3608 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0.
local
low complexity
qemu debian fedoraproject CWE-824
6.0
2022-02-24 CVE-2021-3700 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c.
4.4
2022-02-24 CVE-2021-44532 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format.
network
low complexity
nodejs oracle debian CWE-295
5.3