Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-20 CVE-2022-39956 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.
network
low complexity
owasp fedoraproject debian CWE-116
critical
9.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject debian
critical
9.8
2022-09-19 CVE-2022-37032 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service.
network
low complexity
frrouting debian CWE-125
critical
9.1
2022-09-02 CVE-2020-22669 SQL Injection vulnerability in multiple products
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability.
network
low complexity
owasp debian CWE-89
critical
9.8
2022-08-07 CVE-2022-37452 Out-of-bounds Write vulnerability in multiple products
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
network
low complexity
exim debian CWE-787
critical
9.8
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
9.8
2022-08-03 CVE-2022-32292 Out-of-bounds Write vulnerability in multiple products
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
network
low complexity
intel debian CWE-787
critical
9.8
2022-07-25 CVE-2020-7677 This affects the package thenify before 3.3.1.
network
low complexity
thenify-project debian fedoraproject
critical
9.8
2022-07-18 CVE-2021-40874 Improper Authentication vulnerability in multiple products
An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13.
network
low complexity
lemonldap-ng debian CWE-287
critical
9.8
2022-07-15 CVE-2022-35409 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.
network
low complexity
arm debian CWE-125
critical
9.1