Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
Page 123 of 496
CVE-2021-4115 | MEDIUM | CVSS 5.5 | CWE-400 | v11.0 | 2022-02-21
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
nvd
CVE-2022-0685 | HIGH | CVSS 7.8 | CWE-823 | v9.0, v10.0 | 2022-02-20
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
nvd
CVE-2022-25375 | MEDIUM | CVSS 5.5 | CWE-1284 | v9.0, v10.0 +1 more | 2022-02-20
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
nvd
CVE-2021-3657 | CRITICAL | CVSS 9.8 | CWE-119 | v9.0 | 2022-02-18
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
nvd
CVE-2022-25315 | CRITICAL | CVSS 9.8 | CWE-190 | v10.0, v11.0 | 2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
nvd
CVE-2022-25314 | HIGH | CVSS 7.5 | CWE-190 | v10.0, v11.0 | 2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
nvd
CVE-2020-25722 | HIGH | CVSS 8.8 | CWE-863 | v9.0, v10.0 | 2022-02-18
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
nvd
CVE-2021-20322 | HIGH | CVSS 7.4 | CWE-330 | v9.0, v10.0 | 2022-02-18
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and
nvd
CVE-2020-25717 | HIGH | CVSS 8.1 | CWE-20 | v9.0, v10.0 | 2022-02-18
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
nvd
CVE-2020-25719 | HIGH | CVSS 7.2 | CWE-287 | v9.0, v10.0 | 2022-02-18
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
nvd
CVE-2022-0585 | MEDIUM | CVSS 6.5 | CWE-834 | v9.0 | 2022-02-18
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
nvd
CVE-2022-25313 | MEDIUM | CVSS 6.5 | CWE-674 | v10.0, v11.0 | 2022-02-18
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
nvd
CVE-2021-3930 | MEDIUM | CVSS 6.5 | CWE-193 | v9.0, v10.0 | 2022-02-18
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
nvd
CVE-2021-20321 | MEDIUM | CVSS 4.7 | CWE-362 | v9.0, v10.0 | 2022-02-18
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system.
nvd
CVE-2016-2124 | MEDIUM | CVSS 5.9 | CWE-287 | v9.0, v10.0 | 2022-02-18
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
nvd
CVE-2021-44731 | HIGH | CVSS 7.8 | CWE-362 | v10.0, v11.0 | 2022-02-17
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in sn
nvd
CVE-2022-0629 | HIGH | CVSS 7.8 | CWE-121 | v10.0 | 2022-02-17
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2021-44730 | HIGH | CVSS 8.8 | CWE-59 | v10.0, v11.0 | 2022-02-17
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
nvd
CVE-2021-43302 | CRITICAL | CVSS 9.1 | CWE-125 | v9.0, v10.0 +1 more | 2022-02-16
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
nvd
CVE-2021-43303 | CRITICAL | CVSS 9.8 | CWE-120 | v9.0, v10.0 +1 more | 2022-02-16
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied
nvd