Debian Linux vulnerabilities

CVE-2022-28129 [HIGH] CWE-20 CVE-2022-28129: Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows a Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVE-2021-37150 [HIGH] CWE-20 CVE-2021-37150: Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacke Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVE-2022-37452 [CRITICAL] CWE-787 CVE-2022-37452: Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c w Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

CVE-2022-37434 [CRITICAL] CWE-787 CVE-2022-37434: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVE-2022-32292 [CRITICAL] CWE-787 CVE-2022-32292: In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE-2022-36359 [HIGH] CWE-494 CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4. An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

CVE-2022-31197 [HIGH] CWE-89 CVE-2022-31197: PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database u PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to S

CVE-2022-32293 [HIGH] CWE-416 CVE-2022-32293: In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trig In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

CVE-2022-2509 [HIGH] CWE-415 CVE-2022-2509: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs du A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

CVE-2022-2598 [MEDIUM] CWE-787 CVE-2022-2598: Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.

CVE-2022-34526 [MEDIUM] CWE-787 CVE-2022-34526: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerabili A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

CVE-2022-30287 [HIGH] CWE-470 CVE-2022-30287: Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

CVE-2022-2553 [MEDIUM] CWE-287 CVE-2022-2553: The authfile directive in the booth config file is ignored, preventing use of authentication in comm The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

CVE-2022-36946 [HIGH] CVE-2022-36946: nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote at nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

CVE-2022-36879 [MEDIUM] CVE-2022-36879: An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_p An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

CVE-2022-33745 [HIGH] CVE-2022-33745: insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kern insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of th

CVE-2020-7677 [CRITICAL] CVE-2020-7677: This affects the package thenify before 3.3.1. The name argument provided to the package can be cont This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

CVE-2022-26306 [HIGH] CWE-326 CVE-2022-26306: LibreOffice supports the storage of passwords for web connections in the user’s configuration databa LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vuln

CVE-2022-26307 [HIGH] CWE-326 CVE-2022-26307: LibreOffice supports the storage of passwords for web connections in the user’s configuration databa LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a bru

CVE-2021-46829 [HIGH] CWE-190 CVE-2021-46829: GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.