Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
 9.8
9.8
2022-07-06 CVE-2022-33980 Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
network
low complexity
apache netapp debian
critical
 9.8
9.8
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
 9.8
9.8
2022-06-09 CVE-2022-31031 Classic Buffer Overflow vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu debian CWE-120
critical
 9.8
9.8
2022-06-07 CVE-2019-9971 Improper Privilege Management vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password.
network
low complexity
3cx debian CWE-269
critical
 9.0
9.0
2022-06-07 CVE-2019-9972 Command Injection vulnerability in multiple products
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.
network
low complexity
3cx debian CWE-77
critical
 9.0
9.0
2022-06-02 CVE-2022-31799 Improper Handling of Exceptional Conditions vulnerability in multiple products
Bottle before 0.12.20 mishandles errors during early request binding.
network
low complexity
bottlepy debian fedoraproject CWE-755
critical
 9.8
9.8
2022-05-31 CVE-2022-31003 Heap-based Buffer Overflow vulnerability in multiple products
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.
network
low complexity
signalwire debian CWE-122
critical
 9.8
9.8
2022-05-26 CVE-2022-21831 Code Injection vulnerability in multiple products
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
network
low complexity
rubyonrails debian CWE-94
critical
 9.8
9.8
2022-05-26 CVE-2022-1664 Path Traversal vulnerability in multiple products
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability.
network
low complexity
debian netapp CWE-22
critical
 9.8
9.8