Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-28 CVE-2022-23096 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the DNS proxy in Connman through 1.40.
network
low complexity
intel debian CWE-125
critical
9.1
2022-01-27 CVE-2022-21723 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian
critical
9.1
2022-01-27 CVE-2022-21722 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu debian
critical
9.1
2022-01-26 CVE-2022-23959 HTTP Request Smuggling vulnerability in multiple products
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
9.1
2022-01-25 CVE-2021-3850 Improper Authentication vulnerability in multiple products
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
network
low complexity
adodb-project debian CWE-287
critical
9.1
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
network
low complexity
libexpat-project netapp tenable debian oracle siemens CWE-190
critical
9.8
2022-01-21 CVE-2021-23518 The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path.
network
low complexity
cached-path-relative-project debian
critical
9.8
2022-01-21 CVE-2022-0318 Out-of-bounds Write vulnerability in multiple products
Heap-based Buffer Overflow in vim/vim prior to 8.2.
network
low complexity
vim apple debian CWE-787
critical
9.8
2022-01-19 CVE-2021-33912 Out-of-bounds Write vulnerability in multiple products
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c.
network
low complexity
libspf2-project debian CWE-787
critical
9.8
2022-01-19 CVE-2022-23221 Argument Injection or Modification vulnerability in multiple products
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
network
low complexity
h2database debian oracle CWE-88
critical
9.8