Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-24599 Memory Leak vulnerability in multiple products
In autofile Audio File Library 0.3.6, there is a memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file.
6.5
2022-02-22 CVE-2022-0714 Heap-based Buffer Overflow vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
local
low complexity
vim fedoraproject debian apple CWE-122
5.5
2022-02-21 CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion.
5.5
2022-02-21 CVE-2022-0696 NULL Pointer Dereference vulnerability in multiple products
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
local
low complexity
vim fedoraproject apple debian CWE-476
5.5
2022-02-20 CVE-2022-25375 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10.
local
low complexity
linux debian CWE-1284
5.5
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-18 CVE-2021-20321 Race Condition vulnerability in multiple products
A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS.
local
high complexity
linux redhat debian CWE-362
4.7
2022-02-18 CVE-2021-3930 Off-by-one Error vulnerability in multiple products
An off-by-one error was found in the SCSI device emulation in QEMU.
local
low complexity
qemu redhat debian CWE-193
6.5
2022-02-18 CVE-2022-0585 Excessive Iteration vulnerability in multiple products
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or a crafted capture file.
network
low complexity
wireshark fedoraproject debian CWE-834
6.5
2022-02-18 CVE-2022-25313 Uncontrolled Recursion vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
6.5