Debian Linux vulnerabilities

CVE-2022-2735 [HIGH] CWE-276 CVE-2022-2735: A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Un A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluste

CVE-2022-3134 [HIGH] CWE-416 CVE-2022-3134: Use After Free in GitHub repository vim/vim prior to 9.0.0389. Use After Free in GitHub repository vim/vim prior to 9.0.0389.

CVE-2022-3008 [HIGH] CWE-78 CVE-2022-3008: The tinygltf library uses the C library function wordexp() to perform file path expansion on untrust The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a3844

CVE-2022-39842 [MEDIUM] CWE-190 CVE-2022-39842: An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/ An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the origin

CVE-2022-38751 [MEDIUM] CWE-121 CVE-2022-38751: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

CVE-2022-38750 [MEDIUM] CWE-121 CVE-2022-38750: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

CVE-2022-38749 [MEDIUM] CWE-121 CVE-2022-38749: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

CVE-2022-3099 [HIGH] CWE-416 CVE-2022-3099: Use After Free in GitHub repository vim/vim prior to 9.0.0360. Use After Free in GitHub repository vim/vim prior to 9.0.0360.

CVE-2020-22669 [CRITICAL] CWE-89 CVE-2020-22669: Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerabi Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

CVE-2020-29260 [HIGH] CWE-400 CVE-2020-29260: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

CVE-2022-39176 [HIGH] CVE-2022-39176: BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because prof BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

CVE-2022-39177 [HIGH] CVE-2022-39177: BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malform BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

CVE-2022-39188 [MEDIUM] CWE-362 CVE-2022-39188: An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a r An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

CVE-2022-39190 [MEDIUM] CVE-2022-39190: An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

CVE-2022-2996 [HIGH] CWE-295 CVE-2022-2996: A flaw was found in the python-scciclient when making an HTTPS connection to a server where the serv A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.

CVE-2022-3061 [MEDIUM] CWE-369 CVE-2022-3061: Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the drive Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

CVE-2022-2663 [MEDIUM] CWE-923 CVE-2022-2663: An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confuse An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

CVE-2020-35533 [MEDIUM] CWE-125 CVE-2020-35533: In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" functi In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.

CVE-2020-35532 [MEDIUM] CWE-125 CVE-2020-35532: In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (lib In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

CVE-2020-35530 [MEDIUM] CWE-787 CVE-2020-35530: In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\sr In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.