Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-25315 | Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 9.8 |
| 2022-02-16 | CVE-2021-43299 | Stack overflow in PJSUA API when calling pjsua_player_create. | 9.8 |
| 2022-02-16 | CVE-2021-43300 | Stack overflow in PJSUA API when calling pjsua_recorder_create. | 9.8 |
| 2022-02-16 | CVE-2021-43301 | Stack overflow in PJSUA API when calling pjsua_playlist_create. | 9.8 |
| 2022-02-16 | CVE-2021-43302 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. | 9.1 |
| 2022-02-16 | CVE-2021-43303 | Buffer overflow in PJSUA API when calling pjsua_call_dump. | 9.8 |
| 2022-02-16 | CVE-2022-25235 | Improper Encoding or Escaping of Output vulnerability in multiple products xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | 9.8 |
| 2022-02-16 | CVE-2022-25236 | Exposure of Resource to Wrong Sphere vulnerability in multiple products xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | 9.8 |
| 2022-02-14 | CVE-2022-0582 | NULL Pointer Dereference vulnerability in multiple products Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | 9.8 |
| 2022-02-11 | CVE-2021-20001 | Incorrect Default Permissions vulnerability in multiple products It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 |