Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-23 CVE-2022-29599 Improper Encoding or Escaping of Output vulnerability in multiple products
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
network
low complexity
apache debian CWE-116
critical
9.8
2022-05-12 CVE-2022-1650 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
network
low complexity
eventsource debian CWE-212
critical
9.3
2022-05-04 CVE-2022-29155 SQL Injection vulnerability in multiple products
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query.
network
low complexity
openldap debian netapp CWE-89
critical
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
9.8
2022-04-15 CVE-2022-26499 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF issue was discovered in Asterisk through 19.x.
network
low complexity
digium debian CWE-918
critical
9.1
2022-04-15 CVE-2022-26651 SQL Injection vulnerability in multiple products
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.
network
low complexity
digium debian CWE-89
critical
9.8
2022-04-12 CVE-2022-28346 SQL Injection vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
9.8
2022-04-12 CVE-2022-28347 SQL Injection vulnerability in multiple products
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
9.8
2022-04-06 CVE-2022-24786 Out-of-bounds Write vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C.
network
low complexity
pjsip debian CWE-787
critical
9.8