Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-27 CVE-2021-43845 PJSIP is a free and open source multimedia communication library.
network
low complexity
teluu debian
critical
9.1
2021-12-23 CVE-2021-38013 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
critical
9.6
2021-12-22 CVE-2021-40393 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian CWE-787
critical
9.8
2021-12-22 CVE-2021-40394 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian CWE-787
critical
9.8
2021-12-22 CVE-2021-37706 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian
critical
9.8
2021-12-20 CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple
critical
9.8
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
9.8
2021-12-17 CVE-2021-23450 All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
network
low complexity
linuxfoundation oracle debian
critical
9.8
2021-12-15 CVE-2021-43113 Command Injection vulnerability in multiple products
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
network
low complexity
itextpdf debian CWE-77
critical
9.8
2021-12-14 CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
network
high complexity
apache intel cvat siemens debian sonicwall fedoraproject
critical
9.0