Debian Linux vulnerabilities

CVE-2021-20001 [CRITICAL] CWE-276 CVE-2021-20001: It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blen It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

CVE-2022-24958 [HIGH] CWE-763 CVE-2022-24958: drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

CVE-2022-23772 [HIGH] CWE-190 CVE-2022-23772: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lea Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

CVE-2022-23633 [MEDIUM] CWE-200 CVE-2022-23633: Action Pack is a framework for handling and responding to web requests. Under certain circumstances Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has be

CVE-2022-23634 [MEDIUM] CWE-200 CVE-2022-23634: Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may no Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing t

CVE-2022-0561 [MEDIUM] CWE-476 CVE-2022-0561: Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_d Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

CVE-2022-24959 [MEDIUM] CWE-401 CVE-2022-24959: An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevpriv An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

CVE-2022-0562 [MEDIUM] CWE-476 CVE-2022-0562: Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dir Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

CVE-2022-0554 [HIGH] CWE-823 CVE-2022-0554: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

CVE-2022-0529 [MEDIUM] CWE-787 CVE-2022-0529: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a loca A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0530 [MEDIUM] CVE-2022-0530: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a loca A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0534 [MEDIUM] CWE-125 CVE-2022-0534: A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place i A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

CVE-2022-21712 [HIGH] CWE-200 CVE-2022-21712: twisted is an event-driven networking engine written in Python. In affected versions twisted exposes twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

CVE-2022-23614 [CRITICAL] CWE-74 CVE-2022-23614: Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of t Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow call

CVE-2022-23946 [HIGH] CWE-121 CVE-2022-23946: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNum A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40401 [HIGH] CWE-252 CVE-2021-40401: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-23947 [HIGH] CWE-121 CVE-2022-23947: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNum A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-0487 [MEDIUM] CWE-416 CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

CVE-2021-46671 [MEDIUM] CWE-125 CVE-2021-46671: options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-si options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.

CVE-2021-4043 [MEDIUM] CWE-476 CVE-2021-4043: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.