Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-31799 Improper Handling of Exceptional Conditions vulnerability in multiple products
Bottle before 0.12.20 mishandles errors during early request binding.
network
low complexity
bottlepy debian fedoraproject CWE-755
critical
 9.8
9.8
2022-05-31 CVE-2022-31003 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian
critical
 9.8
9.8
2022-05-26 CVE-2022-21831 Code Injection vulnerability in multiple products
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
network
low complexity
rubyonrails debian CWE-94
critical
 9.8
9.8
2022-05-26 CVE-2022-1664 Path Traversal vulnerability in multiple products
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability.
network
low complexity
debian netapp CWE-22
critical
 9.8
9.8
2022-05-23 CVE-2022-29599 In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
network
low complexity
apache debian
critical
 9.8
9.8
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp debian CWE-125
critical
 9.1
9.1
2022-05-12 CVE-2022-1650 Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
network
low complexity
eventsource debian
critical
 9.3
9.3
2022-05-04 CVE-2022-29155 SQL Injection vulnerability in multiple products
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query.
network
low complexity
openldap debian netapp CWE-89
critical
 9.8
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
 9.8
9.8