Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-22815 Improper Initialization vulnerability in multiple products
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
network
low complexity
python debian CWE-665
6.5
2022-01-10 CVE-2022-22816 Out-of-bounds Read vulnerability in multiple products
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
network
low complexity
python debian CWE-125
6.5
2022-01-10 CVE-2022-22844 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
local
low complexity
libtiff debian netapp CWE-125
5.5
2022-01-10 CVE-2020-29050 Path Traversal vulnerability in multiple products
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory).
network
low complexity
sphinxsearch debian CWE-22
5.0
2022-01-10 CVE-2021-43579 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
6.8
2022-01-06 CVE-2022-21662 Cross-site Scripting vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian CWE-79
5.4
2022-01-06 CVE-2021-28714 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them.
local
low complexity
linux debian CWE-770
6.5
2022-01-06 CVE-2021-28715 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them.
local
low complexity
linux debian CWE-770
6.5
2022-01-06 CVE-2022-22707 Out-of-bounds Write vulnerability in multiple products
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration.
4.3
2022-01-06 CVE-2021-46144 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
4.3