Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
CVE-2020-28625 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28627 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28613 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28635 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-35631 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28621 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-35630 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28618 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28626 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-35629 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28634 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28609 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2020-28602 [HIGH] | CVSS 8.8 | CWE-129 | v10.0 | 2022-04-18
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exist
nvd
CVE-2022-24859 [MEDIUM] | CVSS 5.5 | CWE-835 | v9.0 | 2022-04-18
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the code attempts to get the content stream. The reason is that the last while-loop in `Cont
nvd
CVE-2022-26499 [CRITICAL] | CVSS 9.1 | CWE-918 | v10.0, v11.0 | 2022-04-15
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
nvd
CVE-2022-28044 [CRITICAL] | CVSS 9.8 | CWE-787 | v9.0, v10.0 +1 more | 2022-04-15
lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
nvd
CVE-2022-26651 [CRITICAL] | CVSS 9.8 | CWE-89 | v10.0, v11.0 | 2022-04-15
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.
nvd
CVE-2022-26498 [HIGH] | CVSS 7.5 | CWE-400 | v10.0, v11.0 | 2022-04-15
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
nvd
CVE-2022-28042 [HIGH] | CVSS 8.8 | CWE-416 | v10.0 | 2022-04-15
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.
nvd
CVE-2022-28041 [MEDIUM] | CVSS 6.5 | CWE-190 | v10.0 | 2022-04-15
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
nvd