Debian Linux vulnerabilities

CVE-2022-21127 [MEDIUM] CWE-459 CVE-2022-21127: Incomplete cleanup in specific special register read operations for some Intel(R) Processors may all Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21166 [MEDIUM] CWE-459 CVE-2022-21166: Incomplete cleanup in specific special register write operations for some Intel(R) Processors may al Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21125 [MEDIUM] CWE-459 CVE-2022-21125: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authe Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21123 [MEDIUM] CWE-459 CVE-2022-21123: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authentica Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-32278 [HIGH] CVE-2022-32278: XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

CVE-2022-31043 [HIGH] CWE-200 CVE-2022-31043: Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests a Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on t

CVE-2022-31042 [HIGH] CWE-200 CVE-2022-31042: Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should no

CVE-2022-31031 [CRITICAL] CWE-120 CVE-2022-31031: PJSIP is a free and open source multimedia communication library written in C language implementing PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their ac

CVE-2022-2000 [HIGH] CWE-787 CVE-2022-2000: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

CVE-2022-31214 [HIGH] CWE-269 CVE-2022-31214: A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the

CVE-2022-26364 [MEDIUM] CVE-2022-26364: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests ma

CVE-2022-31030 [MEDIUM] CWE-400 CVE-2022-31030: containerd is an open source container runtime. A bug was found in the containerd's CRI implementati containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimat

CVE-2022-26362 [MEDIUM] CWE-362 CVE-2022-26362: x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in add x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type re

CVE-2022-26363 [MEDIUM] CVE-2022-26363: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests ma

CVE-2022-21499 [MEDIUM] CWE-787 CVE-2022-21499: KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lock KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vecto

CVE-2022-31799 [CRITICAL] CWE-755 CVE-2022-31799: Bottle before 0.12.20 mishandles errors during early request binding. Bottle before 0.12.20 mishandles errors during early request binding.

CVE-2022-27775 [HIGH] CWE-200 CVE-2022-27775: An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

CVE-2022-27782 [HIGH] CWE-840 CVE-2022-27782: libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been ch libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match che

CVE-2022-1968 [HIGH] CWE-416 CVE-2022-1968: Use After Free in GitHub repository vim/vim prior to 8.2. Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-32250 [HIGH] CWE-416 CVE-2022-32250: net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.