Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-0534 Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
local
low complexity
htmldoc-project debian CWE-125
5.5
2022-02-04 CVE-2021-40403 Missing Initialization of a Variable vulnerability in multiple products
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0.
local
low complexity
gerbv-project fedoraproject debian CWE-456
6.3
2022-02-04 CVE-2021-4043 NULL Pointer Dereference vulnerability in multiple products
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
local
low complexity
gpac debian CWE-476
5.5
2022-02-04 CVE-2021-46671 Out-of-bounds Read vulnerability in multiple products
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
network
low complexity
atftp-project debian CWE-125
5.3
2022-02-03 CVE-2022-22818 Cross-site Scripting vulnerability in multiple products
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context.
network
low complexity
djangoproject fedoraproject debian CWE-79
6.1
2022-02-02 CVE-2022-24301 Incorrect Default Permissions vulnerability in multiple products
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
network
low complexity
minetest debian CWE-276
6.4
2022-02-01 CVE-2022-23607 Forced Browsing vulnerability in multiple products
treq is an HTTP library inspired by requests but written on top of Twisted's Agents.
network
low complexity
twistedmatrix debian CWE-425
6.5
2022-01-31 CVE-2022-24130 Classic Buffer Overflow vulnerability in multiple products
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
5.5
2022-01-28 CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure.
network
high complexity
openssl debian oracle siemens
5.9
2022-01-26 CVE-2021-22570 NULL Pointer Dereference vulnerability in multiple products
Nullptr dereference when a null char is present in a proto symbol.
5.5