Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-06 | CVE-2022-21664 | SQL Injection vulnerability in multiple products WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. | 8.8 |
2022-01-04 | CVE-2021-41141 | Improper Locking vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 7.5 |
2022-01-01 | CVE-2021-45972 | Improper Validation of Specified Quantity in Input vulnerability in multiple products The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. | 7.1 |
2022-01-01 | CVE-2021-45960 | Incorrect Calculation vulnerability in multiple products In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 |
2022-01-01 | CVE-2021-41819 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | 7.5 |
2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. | 7.5 |
2022-01-01 | CVE-2021-44716 | Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | 7.5 |
2021-12-31 | CVE-2021-4192 | Use After Free vulnerability in multiple products vim is vulnerable to Use After Free | 7.8 |
2021-12-30 | CVE-2021-4181 | Out-of-bounds Read vulnerability in multiple products Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | 7.5 |
2021-12-30 | CVE-2021-4184 | Infinite Loop vulnerability in multiple products Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | 7.5 |