Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-39377 Incorrect Calculation of Buffer Size vulnerability in multiple products
sysstat is a set of system performance tools for the Linux operating system.
network
low complexity
sysstat-project debian fedoraproject CWE-131
critical
9.8
2022-10-21 CVE-2022-37454 Integer Overflow or Wraparound vulnerability in multiple products
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
9.8
2022-10-11 CVE-2022-37616 ** DISPUTED ** A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
9.8
2022-09-29 CVE-2016-2338 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby.
network
low complexity
ruby-lang debian CWE-787
critical
9.8
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
low complexity
libexpat-project debian CWE-416
critical
9.8
2022-08-07 CVE-2022-37452 Out-of-bounds Write vulnerability in multiple products
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
network
low complexity
exim debian CWE-787
critical
9.8
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple CWE-787
critical
9.8
2022-08-03 CVE-2022-32292 Out-of-bounds Write vulnerability in multiple products
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
network
low complexity
intel debian CWE-787
critical
9.8
2022-07-25 CVE-2020-7677 This affects the package thenify before 3.3.1.
network
low complexity
thenify-project debian
critical
9.8
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple CWE-276
critical
9.8