Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |
| 2022-06-09 | CVE-2022-31031 | Classic Buffer Overflow vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2022-06-07 | CVE-2019-9972 | Command Injection vulnerability in multiple products PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | 9.0 |
| 2022-06-07 | CVE-2019-9971 | Improper Privilege Management vulnerability in multiple products PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. | 9.0 |
| 2022-06-02 | CVE-2022-31799 | Improper Handling of Exceptional Conditions vulnerability in multiple products Bottle before 0.12.20 mishandles errors during early request binding. | 9.8 |
| 2022-05-31 | CVE-2022-31003 | Heap-based Buffer Overflow vulnerability in multiple products Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 9.8 |
| 2022-05-26 | CVE-2022-21831 | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |
| 2022-05-26 | CVE-2022-1664 | Path Traversal vulnerability in multiple products Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. | 9.8 |
| 2022-05-23 | CVE-2022-29599 | Improper Encoding or Escaping of Output vulnerability in multiple products In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
| 2022-05-12 | CVE-2022-1650 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | 9.3 |