Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-23959 | HTTP Request Smuggling vulnerability in multiple products In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | 9.1 |
| 2022-01-25 | CVE-2021-3850 | Improper Authentication vulnerability in multiple products Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | 9.1 |
| 2022-01-24 | CVE-2022-23852 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |
| 2022-01-21 | CVE-2021-23518 | The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. | 9.8 |
| 2022-01-21 | CVE-2022-0318 | Out-of-bounds Write vulnerability in multiple products Heap-based Buffer Overflow in vim/vim prior to 8.2. | 9.8 |
| 2022-01-19 | CVE-2021-33912 | Out-of-bounds Write vulnerability in multiple products libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. | 9.8 |
| 2022-01-19 | CVE-2022-23221 | Argument Injection or Modification vulnerability in multiple products H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. | 9.8 |
| 2022-01-14 | CVE-2022-23218 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
| 2022-01-14 | CVE-2022-23219 | Classic Buffer Overflow vulnerability in multiple products The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | 9.8 |
| 2022-01-10 | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 9.8 |