Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-22816 Out-of-bounds Read vulnerability in multiple products
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
network
low complexity
python debian CWE-125
6.5
6.5
2022-01-10 CVE-2022-22817 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
network
low complexity
python debian
critical
 9.8
9.8
2022-01-10 CVE-2022-22822 Integer Overflow or Wraparound vulnerability in multiple products
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable siemens debian CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22823 Integer Overflow or Wraparound vulnerability in multiple products
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22824 Integer Overflow or Wraparound vulnerability in multiple products
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22825 Integer Overflow or Wraparound vulnerability in multiple products
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-10 CVE-2022-22826 Integer Overflow or Wraparound vulnerability in multiple products
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-10 CVE-2022-22827 Integer Overflow or Wraparound vulnerability in multiple products
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
8.8
8.8
2022-01-10 CVE-2022-22844 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
local
low complexity
libtiff debian netapp CWE-125
5.5
5.5
2022-01-10 CVE-2020-29050 Path Traversal vulnerability in multiple products
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory).
network
low complexity
sphinxsearch debian CWE-22
7.5
7.5