Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-12 CVE-2022-37601 Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js.
network
low complexity
webpack-js debian
critical
 9.8
9.8
2022-10-11 CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
network
low complexity
xmldom-project debian
critical
 9.8
9.8
2022-10-06 CVE-2022-41853 Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack.
network
low complexity
hsqldb debian
critical
 9.8
9.8
2022-09-29 CVE-2016-2338 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby.
network
low complexity
ruby-lang debian CWE-787
critical
 9.8
9.8
2022-09-26 CVE-2022-21797 The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
network
low complexity
joblib-project fedoraproject debian
critical
 9.8
9.8
2022-09-20 CVE-2017-20148 Unspecified vulnerability in Debian Logcheck 1.3.23
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
network
low complexity
debian
critical
 9.8
9.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2022-09-20 CVE-2022-39956 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.
network
low complexity
owasp fedoraproject debian CWE-116
critical
 9.8
9.8
2022-09-19 CVE-2022-37032 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service.
network
low complexity
frrouting debian CWE-125
critical
 9.1
9.1
2022-09-02 CVE-2020-22669 SQL Injection vulnerability in multiple products
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability.
network
low complexity
owasp debian CWE-89
critical
 9.8
9.8