Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-25 | CVE-2020-7677 | This affects the package thenify before 3.3.1. | 9.8 |
2022-07-18 | CVE-2021-40874 | Improper Authentication vulnerability in multiple products An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. | 9.8 |
2022-07-15 | CVE-2022-35409 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. | 9.1 |
2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 |
2022-07-06 | CVE-2022-33980 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |
2022-06-09 | CVE-2022-31031 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
2022-06-02 | CVE-2022-31799 | Improper Handling of Exceptional Conditions vulnerability in multiple products Bottle before 0.12.20 mishandles errors during early request binding. | 9.8 |
2022-05-31 | CVE-2022-31003 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 9.8 |
2022-05-26 | CVE-2022-21831 | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |