Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-28044 Out-of-bounds Write vulnerability in multiple products
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
network
low complexity
irzip-project debian CWE-787
critical
 9.8
9.8
2022-04-15 CVE-2022-26499 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF issue was discovered in Asterisk through 19.x.
network
low complexity
digium debian CWE-918
critical
 9.1
9.1
2022-04-15 CVE-2022-26651 SQL Injection vulnerability in multiple products
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.
network
low complexity
digium debian CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-28346 SQL Injection vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-28347 SQL Injection vulnerability in multiple products
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
 9.8
9.8
2022-04-06 CVE-2022-24786 PJSIP is a free and open source multimedia communication library written in C.
network
low complexity
pjsip debian
critical
 9.8
9.8
2022-03-18 CVE-2022-0547 Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
network
low complexity
openvpn fedoraproject debian CWE-287
critical
 9.8
9.8
2022-03-14 CVE-2022-22720 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
network
low complexity
apache fedoraproject debian oracle apple CWE-444
critical
 9.8
9.8
2022-03-14 CVE-2022-22721 Integer Overflow or Wraparound vulnerability in multiple products
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.
network
low complexity
apache fedoraproject debian oracle apple CWE-190
critical
 9.1
9.1
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.
network
low complexity
apache fedoraproject debian oracle CWE-787
critical
 9.8
9.8