Debian Linux vulnerabilities

CVE-2022-36440 [HIGH] CWE-617 CVE-2022-36440: A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

CVE-2023-28879 [CRITICAL] CWE-787 CVE-2023-28879: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption o In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are w

CVE-2023-28756 [MEDIUM] CWE-1333 CVE-2023-28756: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time par A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVE-2023-28755 [MEDIUM] CWE-1333 CVE-2023-28755: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI pars A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CVE-2023-27538 [MEDIUM] CWE-305 CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previousl An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two

CVE-2023-27535 [MEDIUM] CWE-305 CVE-2023-27535: An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_

CVE-2023-27536 [MEDIUM] CWE-305 CVE-2023-27536: An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which c An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result

CVE-2022-0194 [CRITICAL] CWE-121 CVE-2022-0194: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-l

CVE-2022-23121 [CRITICAL] CWE-755 CVE-2022-23121: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage thi

CVE-2022-23122 [CRITICAL] CWE-121 CVE-2022-23122: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-

CVE-2022-23125 [CRITICAL] CWE-121 CVE-2022-23125: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ne This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying i

CVE-2022-23123 [CRITICAL] CWE-125 CVE-2022-23123: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the en

CVE-2022-23124 [CRITICAL] CWE-125 CVE-2022-23124: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the

CVE-2023-1380 [HIGH] CWE-125 CVE-2023-1380: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/b A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

CVE-2023-1077 [HIGH] CWE-843 CVE-2023-1077: In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.

CVE-2023-28686 [HIGH] CWE-639 CVE-2023-28686: Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the persona Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.

CVE-2023-0386 [HIGH] CWE-282 CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

CVE-2022-42332 [HIGH] CWE-416 CVE-2022-42332: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translatio x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests,

CVE-2022-42333 [HIGH] CWE-770 CVE-2022-42333: x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not expose

CVE-2022-42334 [MEDIUM] CVE-2022-42334: x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to t