Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-0534 | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). | 5.5 |
2022-02-04 | CVE-2021-40403 | Missing Initialization of a Variable vulnerability in multiple products An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. | 6.3 |
2022-02-04 | CVE-2021-4043 | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. | 5.5 |
2022-02-04 | CVE-2021-46671 | Out-of-bounds Read vulnerability in multiple products options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | 5.3 |
2022-02-03 | CVE-2022-22818 | Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. | 6.1 |
2022-02-02 | CVE-2022-24301 | Incorrect Default Permissions vulnerability in multiple products In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | 6.4 |
2022-02-01 | CVE-2022-23607 | Forced Browsing vulnerability in multiple products treq is an HTTP library inspired by requests but written on top of Twisted's Agents. | 6.5 |
2022-01-31 | CVE-2022-24130 | Classic Buffer Overflow vulnerability in multiple products xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | 5.5 |
2022-01-28 | CVE-2021-4160 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. | 5.9 |
2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. | 5.5 |