Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-02 CVE-2022-24300 Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
network
low complexity
minetest debian
critical
9.8
2022-01-31 CVE-2021-45079 NULL Pointer Dereference vulnerability in multiple products
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
network
low complexity
strongswan debian fedoraproject canonical CWE-476
critical
9.1
2022-01-28 CVE-2022-23096 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the DNS proxy in Connman through 1.40.
network
low complexity
intel debian CWE-125
critical
9.1
2022-01-28 CVE-2022-23097 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the DNS proxy in Connman through 1.40.
network
low complexity
intel debian CWE-125
critical
9.1
2022-01-27 CVE-2022-21722 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu debian
critical
9.1
2022-01-27 CVE-2022-21723 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian
critical
9.1
2022-01-26 CVE-2022-23959 HTTP Request Smuggling vulnerability in multiple products
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
9.1
2022-01-25 CVE-2021-3850 Improper Authentication vulnerability in multiple products
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
network
low complexity
adodb-project debian CWE-287
critical
9.1
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
network
low complexity
libexpat-project netapp tenable debian oracle siemens CWE-190
critical
9.8
2022-01-21 CVE-2021-23518 The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path.
network
low complexity
cached-path-relative-project debian
critical
9.8