Debian Linux vulnerabilities

CVE-2022-38648 [MEDIUM] CWE-918 CVE-2022-38648: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398 [MEDIUM] CWE-918 CVE-2022-38398: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38178 [HIGH] CWE-401 CVE-2022-38178: By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker ca By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVE-2022-41222 [HIGH] CWE-416 CVE-2022-41222: mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap l mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

CVE-2022-38177 [HIGH] CWE-401 CVE-2022-38177: By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker ca By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVE-2022-41218 [MEDIUM] CWE-416 CVE-2022-41218: In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free ca In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

CVE-2022-2795 [MEDIUM] CVE-2022-2795: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impa By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

CVE-2022-39956 [CRITICAL] CWE-863 CVE-2022-39956: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipar The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and

CVE-2022-39955 [CRITICAL] CWE-863 CVE-2022-39955: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a s The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Co

CVE-2022-39957 [HIGH] CWE-693 CVE-2022-39957: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to whi

CVE-2022-39958 [HIGH] CWE-863 CVE-2022-39958: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfi The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected

CVE-2022-32886 [HIGH] CWE-787 CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-37032 [CRITICAL] CWE-125 CVE-2022-37032: An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

CVE-2022-28203 [HIGH] CWE-763 CVE-2022-28203: A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37. A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

CVE-2022-28201 [MEDIUM] CWE-674 CVE-2022-28201: An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

CVE-2022-3235 [HIGH] CWE-416 CVE-2022-3235: Use After Free in GitHub repository vim/vim prior to 9.0.0490. Use After Free in GitHub repository vim/vim prior to 9.0.0490.

CVE-2022-40768 [MEDIUM] CWE-908 CVE-2022-40768: drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive inform drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVE-2022-3234 [HIGH] CWE-122 CVE-2022-3234: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

CVE-2022-40150 [HIGH] CWE-400 CVE-2022-40150: Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service atta Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

CVE-2022-3176 [HIGH] CWE-416 CVE-2022-3176: There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is p