Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

CVE-2022-26496 | CRITICAL | CVSS 9.8 | v10.0, v11.0 | 2022-03-06
CVE-2022-26496 [CRITICAL] CWE-787: In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
nvd
CVE-2022-26495 | CRITICAL | CVSS 9.8 | v9.0, v10.0, +1 more | 2022-03-06
CVE-2022-26495 [CRITICAL] CWE-190: In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
nvd
CVE-2022-26490 | HIGH | CVSS 7.8 | v9.0, v10.0 | 2022-03-06
CVE-2022-26490 [HIGH] CWE-120: st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
nvd
CVE-2022-26505 | HIGH | CVSS 7.4 | v9.0 | 2022-03-06
CVE-2022-26505 [HIGH] CWE-290: A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
nvd
CVE-2022-24921 | HIGH | CVSS 7.5 | v9.0 | 2022-03-05
CVE-2022-24921 [HIGH] CWE-674: regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
nvd
CVE-2021-20303 | MEDIUM | CVSS 6.1 | v10.0 | 2022-03-04
CVE-2021-20303 [MEDIUM] CWE-190: A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.
nvd
CVE-2021-3744 | MEDIUM | CVSS 5.5 | v9.0, v10.0 | 2022-03-04
CVE-2021-3744 [MEDIUM]: A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808.
nvd
CVE-2021-20302 | MEDIUM | CVSS 5.5 | v10.0 | 2022-03-04
CVE-2021-20302 [MEDIUM] CWE-20: A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20300 | MEDIUM | CVSS 5.5 | v10.0 | 2022-03-04
CVE-2021-20300 [MEDIUM] CWE-190: A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
nvd
CVE-2022-0730 | CRITICAL | CVSS 9.8 | v9.0, v10.0, +1 more | 2022-03-03
CVE-2022-0730 [CRITICAL] CWE-287: Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
nvd
CVE-2021-3640 | HIGH | CVSS 7.0 | v9.0 | 2022-03-03
CVE-2021-3640 [HIGH] CWE-362: A use-after-free flaw in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or in another way triggers a race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the
nvd
CVE-2022-21716 | HIGH | CVSS 7.5 | v9.0 | 2022-03-03
CVE-2022-21716 [HIGH] CWE-120: Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A pat
nvd
CVE-2022-0492 | HIGH | CVSS 7.8 | PoC | v9.0, v10.0, +1 more | 2022-03-03
CVE-2022-0492 [HIGH] CWE-287: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
nvd
CVE-2022-23648 | HIGH | CVSS 7.5 | v11.0 | 2022-03-03
CVE-2022-23648 [HIGH] CWE-200: containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the
nvd
CVE-2021-4002 | MEDIUM | CVSS 4.4 | v9.0, v10.0 | 2022-03-03
CVE-2021-4002 [MEDIUM] CWE-459: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
nvd
CVE-2022-0711 | HIGH | CVSS 7.5 | v11.0 | 2022-03-02
CVE-2022-0711 [HIGH] CWE-835: A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
nvd
CVE-2021-3667 | MEDIUM | CVSS 6.5 | v10.0 | 2022-03-02
CVE-2021-3667 [MEDIUM] CWE-667: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock
nvd
CVE-2021-3772 | MEDIUM | CVSS 6.5 | v9.0, v10.0 | 2022-03-02
CVE-2021-3772 [MEDIUM] CWE-354: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
nvd
CVE-2022-0577 | MEDIUM | CVSS 6.5 | v9.0 | 2022-03-02
CVE-2022-0577 [MEDIUM] CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
nvd
CVE-2022-24720 | CRITICAL | CVSS 9.8 | v11.0 | 2022-03-01
CVE-2022-24720 [CRITICAL] CWE-20: image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, s
nvd