Debian Linux vulnerabilities

CVE-2022-46648 [HIGH] CWE-94 CVE-2022-46648: ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ru ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.

CVE-2022-47318 [HIGH] CVE-2022-47318: ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ru ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

CVE-2022-47929 [MEDIUM] CWE-476 CVE-2022-47929: In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem al In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

CVE-2023-23589 [MEDIUM] CWE-693 CVE-2023-23589: The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol ca The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

CVE-2023-23559 [HIGH] CWE-190 CVE-2023-23559: In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

CVE-2022-3341 [MEDIUM] CWE-476 CVE-2022-3341: A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of liba A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

CVE-2023-23455 [MEDIUM] CWE-843 CVE-2023-23455: atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

CVE-2023-23454 [MEDIUM] CWE-843 CVE-2023-23454: cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a de cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

CVE-2022-4337 [CRITICAL] CWE-125 CVE-2022-4337: An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

CVE-2022-4338 [CRITICAL] CWE-125 CVE-2022-4338: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

CVE-2022-2196 [HIGH] CWE-1188 CVE-2022-2196: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution atta A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the hos

CVE-2022-47655 [HIGH] CWE-787 CVE-2022-47655: Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback

CVE-2022-34677 [HIGH] CWE-125 CVE-2022-34677: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

CVE-2022-42258 [HIGH] CWE-190 CVE-2022-42258: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

CVE-2022-34670 [HIGH] CWE-197 CVE-2022-34670: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.

CVE-2022-42257 [HIGH] CWE-190 CVE-2022-42257: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

CVE-2022-34674 [MEDIUM] CWE-200 CVE-2022-34674: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

CVE-2022-42259 [MEDIUM] CWE-190 CVE-2022-42259: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

CVE-2022-34680 [MEDIUM] CWE-197 CVE-2022-34680: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

CVE-2020-10650 [HIGH] CWE-502 CVE-2020-10650: A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauth A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.