Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-39377 Incorrect Calculation of Buffer Size vulnerability in multiple products
sysstat is a set of system performance tools for the Linux operating system.
network
low complexity
sysstat-project debian fedoraproject CWE-131
critical
9.8
2022-10-21 CVE-2022-3649 Use After Free vulnerability in multiple products
A vulnerability was found in Linux Kernel.
network
low complexity
linux debian CWE-416
critical
9.8
2022-10-21 CVE-2022-37454 Integer Overflow or Wraparound vulnerability in multiple products
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
9.8
2022-10-11 CVE-2022-37616 ** DISPUTED ** A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
9.8
2022-09-29 CVE-2016-2338 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby.
network
low complexity
ruby-lang debian CWE-787
critical
9.8
2022-09-26 CVE-2022-21797 The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
network
low complexity
joblib-project fedoraproject debian
critical
9.8
2022-09-20 CVE-2017-20148 Unspecified vulnerability in Debian Logcheck
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
network
low complexity
debian
critical
9.8
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
low complexity
libexpat-project debian CWE-416
critical
9.8
2022-08-07 CVE-2022-37452 Out-of-bounds Write vulnerability in multiple products
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
network
low complexity
exim debian CWE-787
critical
9.8
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple CWE-787
critical
9.8