Debian Linux vulnerabilities

CVE-2021-43300 [CRITICAL] CWE-121 CVE-2021-43300: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' ar Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2022-25235 [CRITICAL] CWE-116 CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2021-43301 [CRITICAL] CWE-121 CVE-2021-43301: Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2022-25236 [CRITICAL] CWE-668 CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVE-2021-43299 [CRITICAL] CWE-121 CVE-2021-43299: Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argu Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-3752 [HIGH] CWE-416 CVE-2021-3752: A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls conn A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-3578 [HIGH] CWE-704 CVE-2021-3578: A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malici A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

CVE-2022-23804 [HIGH] CWE-121 CVE-2022-23804: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCo A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-3560 [HIGH] CWE-863 CVE-2021-3560: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, e It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as

CVE-2021-3760 [HIGH] CWE-416 CVE-2021-3760: A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.

CVE-2022-23803 [HIGH] CWE-121 CVE-2022-23803: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCo A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-0617 [MEDIUM] CWE-476 CVE-2022-0617: A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the w A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

CVE-2022-25258 [MEDIUM] CWE-476 CVE-2022-25258: An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The US An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

CVE-2022-0582 [CRITICAL] CWE-476 CVE-2022-0582: Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 all Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0586 [HIGH] CWE-835 CVE-2022-0586: Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows den Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0581 [HIGH] CWE-416 CVE-2022-0581: Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0572 [HIGH] CWE-122 CVE-2022-0572: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2021-45444 [HIGH] CVE-2021-45444: In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

CVE-2022-0583 [HIGH] CWE-787 CVE-2022-0583: Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial o Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-23806 [CRITICAL] CWE-252 CVE-2022-23806: Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly ret Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.