Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-06 CVE-2022-21663 Deserialization of Untrusted Data vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-502
7.2
2022-01-06 CVE-2022-21664 SQL Injection vulnerability in multiple products
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database.
network
low complexity
wordpress debian fedoraproject CWE-89
8.8
2022-01-04 CVE-2021-41141 PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu debian
7.5
2022-01-04 CVE-2021-3842 nltk is vulnerable to Inefficient Regular Expression Complexity
network
low complexity
nltk debian fedoraproject
7.5
2022-01-01 CVE-2021-45972 Improper Validation of Specified Quantity in Input vulnerability in multiple products
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write.
local
low complexity
giftrans-project debian CWE-1284
7.1
2022-01-01 CVE-2021-45960 Incorrect Calculation vulnerability in multiple products
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
8.8
2022-01-01 CVE-2021-41819 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.
7.5
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. 7.5
2022-01-01 CVE-2021-44716 Resource Exhaustion vulnerability in multiple products
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
network
low complexity
golang debian netapp CWE-400
7.5
2021-12-31 CVE-2021-4192 vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian apple
7.8