Debian Linux vulnerabilities

CVE-2022-2850 [MEDIUM] CVE-2022-2850: A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticate A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

CVE-2022-42722 [MEDIUM] CWE-476 CVE-2022-42722: In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames in In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

CVE-2022-42902 [HIGH] CWE-94 CVE-2022-42902: In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution i In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

CVE-2022-42906 [HIGH] CVE-2022-42906: powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repo powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current r

CVE-2022-42719 [HIGH] CWE-416 CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 th A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVE-2022-37601 [CRITICAL] CWE-1321 CVE-2022-37601: Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils vi Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.

CVE-2021-36369 [HIGH] CWE-287 CVE-2021-36369: An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the availab An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abu

CVE-2022-37616 [CRITICAL] CWE-1321 CVE-2022-37616: A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published a A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution

CVE-2022-41404 [HIGH] CWE-400 CVE-2022-41404: An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVE-2022-20422 [HIGH] CWE-667 CVE-2022-20422: In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel

CVE-2022-20421 [HIGH] CWE-416 CVE-2022-20421: In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel

CVE-2022-3140 [MEDIUM] CWE-20 CVE-2022-3140: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePo LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or

CVE-2022-33748 [MEDIUM] CWE-755 CVE-2022-33748: lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectivel

CVE-2022-33746 [MEDIUM] CWE-404 CVE-2022-33746: P2M pool freeing may take excessively long The P2M pool backing second level address translation for P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

CVE-2022-33747 [LOW] CWE-404 CVE-2022-33747: Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pa Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These mem

CVE-2022-3435 [MEDIUM] CWE-119 CVE-2022-3435: A vulnerability classified as problematic has been found in Linux Kernel. This affects the function A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357

CVE-2022-2929 [MEDIUM] CWE-770 CVE-2022-2929: In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP serve In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

CVE-2022-2928 [MEDIUM] CWE-476 CVE-2022-2928: In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_has In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease que

CVE-2022-41853 [CRITICAL] CWE-470 CVE-2022-41853: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to proces Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting t

CVE-2022-42003 [HIGH] CWE-502 CVE-2022-42003: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.