Debian Linux vulnerabilities

CVE-2021-44040 [HIGH] CWE-20 CVE-2021-44040: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an a Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

CVE-2021-3618 [HIGH] CWE-295 CVE-2021-3618: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementin ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS sess

CVE-2022-0854 [MEDIUM] CWE-200 CVE-2022-0854: A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_D A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

CVE-2021-4149 [MEDIUM] CWE-667 CVE-2021-4149: A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

CVE-2022-24764 [HIGH] CWE-120 CVE-2022-24764: PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and pri PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_me

CVE-2022-0547 [CRITICAL] CWE-305 CVE-2022-0547: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plu OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

CVE-2022-1011 [HIGH] CWE-416 CVE-2022-1011: A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers wri A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

CVE-2022-24761 [HIGH] CWE-444 CVE-2022-24761: Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2 Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled vi

CVE-2022-24302 [MEDIUM] CWE-362 CVE-2022-24302: In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_fi In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

CVE-2022-27223 [HIGH] CWE-129 CVE-2022-27223: In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

CVE-2021-39713 [HIGH] CWE-362 CVE-2021-39713: Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel

CVE-2021-20299 [HIGH] CWE-476 CVE-2021-20299: A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file wi A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

CVE-2022-26353 [HIGH] CVE-2022-26353: A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the f A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.

CVE-2021-20257 [MEDIUM] CWE-835 CVE-2021-20257: An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while proce An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerabil

CVE-2022-26354 [LOW] CWE-772 CVE-2022-26354: A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not det A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

CVE-2022-0778 [HIGH] CWE-835 CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it t The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible t

CVE-2022-22721 [CRITICAL] CWE-190 CVE-2022-22721: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit s If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVE-2022-22720 [CRITICAL] CWE-444 CVE-2022-22720: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

CVE-2022-23943 [CRITICAL] CWE-190 CVE-2022-23943: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite h Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

CVE-2021-42388 [HIGH] CWE-125 CVE-2021-42388: Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As par Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.