Debian Linux vulnerabilities

CVE-2021-46784 [MEDIUM] CWE-617 CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

CVE-2022-35409 [CRITICAL] CWE-125 CVE-2022-35409: An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an u An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected config

CVE-2022-32212 [HIGH] CWE-284 CVE-2022-32212: A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to a A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

CVE-2022-32215 [MEDIUM] CWE-444 CVE-2022-32215: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-23825 [MEDIUM] CWE-668 CVE-2022-23825: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type poten Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVE-2022-32214 [MEDIUM] CWE-444 CVE-2022-32214: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32213 [MEDIUM] CWE-444 CVE-2022-32213: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

CVE-2022-29187 [HIGH] CVE-2022-29187: Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by the

CVE-2022-29901 [MEDIUM] CWE-200 CVE-2022-29901: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-29900 [MEDIUM] CWE-212 CVE-2022-29900: Mis-trained branch predictions for return instructions may allow arbitrary speculative code executio Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-35414 [HIGH] CWE-908 CVE-2022-35414: softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.

CVE-2022-35410 [HIGH] CWE-22 CVE-2022-35410: mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZI mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.

CVE-2022-32207 [CRITICAL] CWE-840 CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomi When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than inten

CVE-2022-2048 [HIGH] CWE-410 CVE-2022-2048: In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the erro In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

CVE-2022-32205 [MEDIUM] CWE-770 CVE-2022-32205: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl a A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to av

CVE-2022-32206 [MEDIUM] CWE-770 CVE-2022-32206: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be c curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a

CVE-2022-32208 [MEDIUM] CWE-840 CVE-2022-32208: When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wron When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

CVE-2022-2047 [LOW] CWE-20 CVE-2022-2047: In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVE-2022-33980 [CRITICAL] CVE-2022-33980: Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing thr

CVE-2022-31129 [HIGH] CWE-400 CVE-2022-31129: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Aff moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may