Vulnerabilities > Debian > Debian Linux > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-14 | CVE-2022-23219 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
2022-01-14 | CVE-2022-23218 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
2022-01-10 | CVE-2022-22824 | Integer Overflow or Wraparound vulnerability in multiple products defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2022-01-10 | CVE-2022-22823 | Integer Overflow or Wraparound vulnerability in multiple products build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2022-01-10 | CVE-2022-22822 | Integer Overflow or Wraparound vulnerability in multiple products addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2022-01-10 | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 9.8 |
2022-01-10 | CVE-2021-42392 | Deserialization of Untrusted Data vulnerability in multiple products The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. | 9.8 |
2021-12-27 | CVE-2021-43845 | PJSIP is a free and open source multimedia communication library. | 9.1 |
2021-12-23 | CVE-2021-38013 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-12-22 | CVE-2021-40394 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |