Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-22817 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
network
low complexity
python debian
critical
 9.8
9.8
2022-01-10 CVE-2021-42392 Deserialization of Untrusted Data vulnerability in multiple products
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database.
network
low complexity
h2database debian oracle CWE-502
critical
 9.8
9.8
2021-12-27 CVE-2021-43845 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library.
network
low complexity
teluu debian CWE-125
critical
 9.1
9.1
2021-12-23 CVE-2021-38013 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
critical
 9.6
9.6
2021-12-22 CVE-2021-40394 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian CWE-787
critical
 9.8
9.8
2021-12-22 CVE-2021-40393 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian CWE-787
critical
 9.8
9.8
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-191
critical
 9.8
9.8
2021-12-20 CVE-2021-44790 Out-of-bounds Write vulnerability in multiple products
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple CWE-787
critical
 9.8
9.8
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
 9.8
9.8
2021-12-17 CVE-2021-23450 All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
network
low complexity
linuxfoundation oracle debian
critical
 9.8
9.8