Debian Linux vulnerabilities

CVE-2022-1652 [HIGH] CWE-416 CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concu Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2022-1419 [HIGH] CWE-416 CVE-2022-1419: The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refc The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

CVE-2022-27781 [HIGH] CWE-400 CVE-2022-27781: libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returne libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

CVE-2022-27774 [MEDIUM] CWE-522 CVE-2022-27774: An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

CVE-2022-27776 [MEDIUM] CWE-522 CVE-2022-27776: A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authenticati A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-26491 [MEDIUM] CVE-2022-26491: An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can r An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain

CVE-2022-1462 [MEDIUM] CWE-362 CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in h An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVE-2022-1789 [MEDIUM] CWE-476 CVE-2022-1789: With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INV With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

CVE-2022-31003 [CRITICAL] CWE-122 CVE-2022-31003: Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as

CVE-2022-31002 [HIGH] CWE-125 CVE-2022-31002: Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.

CVE-2022-1942 [HIGH] CWE-122 CVE-2022-1942: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-31001 [HIGH] CWE-125 CVE-2022-31001: Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when

CVE-2022-1898 [HIGH] CWE-416 CVE-2022-1898: Use After Free in GitHub repository vim/vim prior to 8.2. Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-1897 [HIGH] CWE-787 CVE-2022-1897: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

CVE-2022-1664 [CRITICAL] CWE-22 CVE-2022-1664: Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially c

CVE-2022-21831 [CRITICAL] CWE-94 CVE-2022-21831: A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker t A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

CVE-2022-22576 [HIGH] CWE-287 CVE-2022-22576: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only

CVE-2022-30789 [HIGH] CWE-787 CVE-2022-30789: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

CVE-2022-30784 [HIGH] CWE-120 CVE-2022-30784: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

CVE-2022-30786 [HIGH] CWE-787 CVE-2022-30786: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G th A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.