Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-190
critical
9.8
2022-02-16 CVE-2021-43303 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in PJSUA API when calling pjsua_call_dump.
network
low complexity
teluu debian CWE-120
critical
9.8
2022-02-16 CVE-2021-43302 Out-of-bounds Read vulnerability in multiple products
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create.
network
low complexity
teluu debian CWE-125
critical
9.1
2022-02-16 CVE-2021-43301 Stack-based Buffer Overflow vulnerability in multiple products
Stack overflow in PJSUA API when calling pjsua_playlist_create.
network
low complexity
teluu debian CWE-121
critical
9.8
2022-02-16 CVE-2021-43300 Stack-based Buffer Overflow vulnerability in multiple products
Stack overflow in PJSUA API when calling pjsua_recorder_create.
network
low complexity
teluu debian CWE-121
critical
9.8
2022-02-16 CVE-2021-43299 Stack-based Buffer Overflow vulnerability in multiple products
Stack overflow in PJSUA API when calling pjsua_player_create.
network
low complexity
teluu debian CWE-121
critical
9.8
2022-02-16 CVE-2022-25236 Exposure of Resource to Wrong Sphere vulnerability in multiple products
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
network
low complexity
libexpat-project debian oracle siemens CWE-668
critical
9.8
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-116
critical
9.8
2022-02-14 CVE-2022-0582 NULL Pointer Dereference vulnerability in multiple products
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian CWE-476
critical
9.8
2022-02-11 CVE-2022-23806 Unchecked Return Value vulnerability in multiple products
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
network
low complexity
golang netapp debian CWE-252
critical
9.1