Vulnerabilities > Debian > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-02-22 | CVE-2022-23608 | Use After Free vulnerability in multiple products | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | network | low complexity | teluu, asterisk, sangoma, debian | CWE-416 | critical | 9.8 |
| 2022-02-18 | CVE-2021-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | A flaw was found in mbsync versions prior to 1.4.4. | network | low complexity | isync-project, fedoraproject, redhat, debian | CWE-119 | critical | 9.8 |
| 2022-02-18 | CVE-2022-25315 | Integer Overflow or Wraparound vulnerability in multiple products | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | network | low complexity | libexpat-project, debian, fedoraproject, oracle, siemens | CWE-190 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43299 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_player_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43300 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_recorder_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43301 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_playlist_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43302 | Out-of-bounds Read vulnerability in multiple products | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. | network | low complexity | teluu, debian | CWE-125 | critical | 9.1 |
| 2022-02-16 | CVE-2021-43303 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in PJSUA API when calling pjsua_call_dump. | network | low complexity | teluu, debian | CWE-120 | critical | 9.8 |
| 2022-02-16 | CVE-2022-25235 | Improper Encoding or Escaping of Output vulnerability in multiple products | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | network | low complexity | libexpat-project, debian, fedoraproject, oracle, siemens | CWE-116 | critical | 9.8 |
| 2022-02-16 | CVE-2022-25236 | Exposure of Resource to Wrong Sphere vulnerability in multiple products | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | network | low complexity | libexpat-project, debian, oracle, siemens | CWE-668 | critical | 9.8 |