Vulnerabilities > Debian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-15 | CVE-2022-35409 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. | 9.1 |
| 2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 |
| 2022-07-06 | CVE-2022-33980 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
| 2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |
| 2022-06-09 | CVE-2022-31031 | Classic Buffer Overflow vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
| 2022-06-02 | CVE-2022-31799 | Improper Handling of Exceptional Conditions vulnerability in multiple products Bottle before 0.12.20 mishandles errors during early request binding. | 9.8 |
| 2022-05-31 | CVE-2022-31003 | Heap-based Buffer Overflow vulnerability in multiple products Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 9.8 |
| 2022-05-26 | CVE-2022-21831 | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |
| 2022-05-26 | CVE-2022-1664 | Path Traversal vulnerability in multiple products Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. | 9.8 |
| 2022-05-23 | CVE-2022-29599 | Improper Encoding or Escaping of Output vulnerability in multiple products In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |