Debian Linux vulnerabilities

CVE-2022-23308 [HIGH] CWE-416 CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVE-2022-25636 [HIGH] CWE-269 CVE-2022-25636: net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain priv net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

CVE-2022-24407 [HIGH] CWE-89 CVE-2022-24407: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2022-0545 [HIGH] CWE-190 CVE-2022-0545: An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19,

CVE-2019-25058 [HIGH] CWE-863 CVE-2019-25058: An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.

CVE-2022-0546 [HIGH] CWE-190 CVE-2022-0546: A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds hea A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

CVE-2022-21824 [HIGH] CWE-471 CVE-2022-21824: Due to the formatting logic of the "console.table()" function it was not safe to allow user controll Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an em

CVE-2021-3700 [MEDIUM] CWE-416 CVE-2021-3700: A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirpars A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

CVE-2021-3608 [MEDIUM] CWE-824 CVE-2021-3608: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system avai

CVE-2021-3596 [MEDIUM] CWE-476 CVE-2021-3596: A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGIm A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

CVE-2022-0544 [MEDIUM] CWE-191 CVE-2022-0544: An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

CVE-2021-44533 [MEDIUM] CWE-295 CVE-2021-44533: Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguis Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allo

CVE-2021-3607 [MEDIUM] CWE-190 CVE-2021-3607: An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in vers An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service.

CVE-2021-44532 [MEDIUM] CWE-296 CVE-2021-44532: Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass o

CVE-2022-24599 [MEDIUM] CWE-401 CVE-2022-24599: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, i In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

CVE-2022-0729 [HIGH] CWE-823 CVE-2022-0729: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

CVE-2022-23608 [CRITICAL] CWE-416 CVE-2022-23608: PJSIP is a free and open source multimedia communication library written in C language implementing PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dia

CVE-2022-0714 [MEDIUM] CWE-122 CVE-2022-0714: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

CVE-2021-44142 [HIGH] CWE-125 CVE-2021-44142: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compati The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A

CVE-2022-0696 [MEDIUM] CWE-476 CVE-2022-0696: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.