Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-27 | CVE-2021-43845 | PJSIP is a free and open source multimedia communication library. | 9.1 |
2021-12-23 | CVE-2021-38013 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-12-22 | CVE-2021-40393 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-12-22 | CVE-2021-40394 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-12-22 | CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
2021-12-20 | CVE-2021-44732 | Double Free vulnerability in multiple products Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 |
2021-12-17 | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | 9.8 |
2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
2021-12-14 | CVE-2021-45046 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. | 9.0 |