Debian Linux vulnerabilities

CVE-2021-42387 [HIGH] CWE-125 CVE-2021-42387: Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As par Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.

CVE-2022-22719 [HIGH] CWE-665 CVE-2022-22719: A carefully crafted request body can cause a read to a random memory area which could cause the proc A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVE-2022-20001 [HIGH] CWE-74 CVE-2022-20001: fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary co fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in orde

CVE-2021-43304 [HIGH] CWE-122 CVE-2021-43304: Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), don’t exceed the destination buffer’s limits.

CVE-2022-0943 [HIGH] CWE-122 CVE-2022-0943: Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

CVE-2021-43305 [HIGH] CVE-2021-43305: Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy o

CVE-2022-23960 [MEDIUM] CVE-2022-23960: Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache specula Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

CVE-2021-36368 [LOW] CWE-287 CVE-2021-36368: An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with a An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to

CVE-2022-26966 [MEDIUM] CVE-2022-26966: An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attacker An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

CVE-2022-24754 [CRITICAL] CWE-120 CVE-2022-24754: PJSIP is a free and open source multimedia communication library written in C language. In versions PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master bran

CVE-2020-36518 [HIGH] CWE-787 CVE-2020-36518: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a lar jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVE-2022-0908 [MEDIUM] CWE-476 CVE-2022-0908: Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_d Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVE-2022-0907 [MEDIUM] CWE-252 CVE-2022-0907: Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

CVE-2022-26874 [MEDIUM] CWE-79 CVE-2022-26874: lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice documen lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

CVE-2022-0909 [MEDIUM] CWE-369 CVE-2022-0909: Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

CVE-2022-0924 [MEDIUM] CWE-125 CVE-2022-0924: Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service vi Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

CVE-2021-33293 [CRITICAL] CWE-125 CVE-2021-33293: Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function pan Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.

CVE-2022-26520 [CRITICAL] CVE-2022-26520: In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.lo In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no

CVE-2022-26662 [HIGH] CWE-776 CVE-2022-26662: An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x throu An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RP

CVE-2022-0516 [HIGH] CWE-200 CVE-2022-0516: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.