Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 86 of 496
CVE-2022-36354 | MEDIUM | CVSS 5.3 | v11.0 | 2022-12-22
CVE-2022-36354 [MEDIUM] CWE-193: A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicio
nvd
CVE-2022-43603 | MEDIUM | CVSS 5.9 | v11.0 | 2022-12-22
CVE-2022-43603 [MEDIUM] CWE-476: A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2022-43593 | MEDIUM | CVSS 5.9 | v11.0 | 2022-12-22
CVE-2022-43593 [MEDIUM] CWE-476: A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
nvd
CVE-2022-23537 | CRITICAL | CVSS 9.8 | v10.0 | 2022-12-20
CVE-2022-23537 [CRITICAL] CWE-122: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that use STUN including PJNATH and PJSUA-LI
nvd
CVE-2022-47629 | CRITICAL | CVSS 9.8 | v10.0, v11.0 | 2022-12-20
CVE-2022-47629 [CRITICAL] CWE-190: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
nvd
CVE-2022-4515 | HIGH | CVSS 7.8 | v10.0 | 2022-12-20
CVE-2022-4515 [HIGH] CWE-78: A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
nvd
CVE-2022-47520 | HIGH | CVSS 7.1 | v10.0 | 2022-12-18
CVE-2022-47520 [HIGH] CWE-125: An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
nvd
CVE-2022-47519 | HIGH | CVSS 7.8 | v10.0 | 2022-12-18
CVE-2022-47519 [HIGH] CWE-787: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
nvd
CVE-2022-47521 | HIGH | CVSS 7.8 | v10.0 | 2022-12-18
CVE-2022-47521 [HIGH] CWE-787: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
nvd
CVE-2022-47518 | HIGH | CVSS 7.8 | v10.0 | 2022-12-18
CVE-2022-47518 [HIGH] CWE-787: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
nvd
CVE-2022-3109 | HIGH | CVSS 7.5 | v10.0, v11.0 | 2022-12-16
CVE-2022-3109 [HIGH] CWE-476: An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks a check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
nvd
CVE-2022-4283 | HIGH | CVSS 7.8 | v11.0 | 2022-12-14
CVE-2022-4283 [HIGH] CWE-416: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh
nvd
CVE-2022-46344 | HIGH | CVSS 8.8 | v11.0 | 2022-12-14
CVE-2022-46344 [HIGH] CWE-125: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution
nvd
CVE-2022-46342 | HIGH | CVSS 8.8 | v11.0 | 2022-12-14
CVE-2022-46342 [HIGH] CWE-416: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X se
nvd
CVE-2022-46341 | HIGH | CVSS 8.8 | v11.0 | 2022-12-14
CVE-2022-46341 [HIGH] CWE-787: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
nvd
CVE-2022-23517 | HIGH | CVSS 7.5 | v10.0 | 2022-12-14
CVE-2022-23517 [HIGH] CWE-1333: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. T
nvd
CVE-2022-46343 | HIGH | CVSS 8.8 | v11.0 | 2022-12-14
CVE-2022-46343 [HIGH] CWE-416: A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
nvd
CVE-2022-46340 | HIGH | CVSS 8.8 | v11.0 | 2022-12-14
CVE-2022-46340 [HIGH] CWE-787: A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privilege elevation on systems where the X server is running p
nvd
CVE-2022-23520 | MEDIUM | CVSS 6.1 | v10.0 | 2022-12-14
CVE-2022-23520 [MEDIUM] CWE-79: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overrid
nvd
CVE-2022-23519 | MEDIUM | CVSS 6.1 | v10.0 | 2022-12-14
CVE-2022-23519 [MEDIUM] CWE-79: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both
nvd