Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
 9.8
9.8
2022-11-09 CVE-2022-3890 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-787
critical
 9.6
9.6
2022-11-02 CVE-2022-39353 Improper Validation of Consistency within Input vulnerability in multiple products
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module.
network
low complexity
xmldom-project debian CWE-1288
critical
 9.8
9.8
2022-10-24 CVE-2021-46848 Off-by-one Error vulnerability in multiple products
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
network
low complexity
gnu fedoraproject debian CWE-193
critical
 9.1
9.1
2022-10-21 CVE-2022-37454 Integer Overflow or Wraparound vulnerability in multiple products
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. 		9.8
9.8
2022-10-12 CVE-2022-37601 Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js.
network
low complexity
webpack-js debian
critical
 9.8
9.8
2022-10-11 CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
 9.8
9.8
2022-10-06 CVE-2022-41853 Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack.
network
low complexity
hsqldb debian
critical
 9.8
9.8
2022-09-29 CVE-2016-2338 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby.
network
low complexity
ruby-lang debian CWE-787
critical
 9.8
9.8
2022-09-26 CVE-2022-21797 The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
network
low complexity
joblib-project fedoraproject debian
critical
 9.8
9.8