Debian Linux vulnerabilities

CVE-2023-23009 [MEDIUM] CWE-400 CVE-2023-23009: Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restar Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.

CVE-2022-48337 [CRITICAL] CWE-78 CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current w

CVE-2023-24998 [HIGH] CWE-770 CVE-2023-24998: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resu Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be e

CVE-2023-24580 [HIGH] CWE-400 CVE-2023-24580: An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0. An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

CVE-2023-0361 [HIGH] CWE-203 CVE-2023-0361: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Th A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the

CVE-2023-25725 [CRITICAL] CWE-444 CVE-2023-25725: HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently l HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed f

CVE-2023-22795 [HIGH] CWE-400 CVE-2023-22795: A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and

CVE-2023-0770 [HIGH] CWE-121 CVE-2023-0770: Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

CVE-2023-23969 [HIGH] CWE-770 CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Lan In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

CVE-2023-0266 [HIGH] CWE-416 CVE-2023-0266: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_E A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e

CVE-2020-36658 [HIGH] CVE-2020-36658: In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default whe In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

CVE-2020-36659 [HIGH] CVE-2020-36659: In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by def In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

CVE-2023-0412 [HIGH] CWE-404 CVE-2023-0412: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service vi TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2022-47951 [MEDIUM] CWE-22 CVE-2022-47951: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance be An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a c

CVE-2022-48281 [MEDIUM] CWE-787 CVE-2022-48281: processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

CVE-2023-24038 [HIGH] CWE-1333 CVE-2023-24038: The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastr The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

CVE-2023-24021 [HIGH] CWE-170 CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Appli Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

CVE-2022-48279 [HIGH] CVE-2022-48279: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed an In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.

CVE-2023-22809 [HIGH] CWE-269 CVE-2023-22809: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem e

CVE-2022-47950 [MEDIUM] CWE-552 CVE-2022-47950: An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By suppl An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later),