Debian: >> Debian Linux >> 10.0 Security Vulnerabilities
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-04-06
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-04-04
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-03
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-03
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-04-03
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-02
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
CVSS Score
9.1
EPSS Score
0.005
Published
2022-03-30
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-03-30
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVSS Score
7.8
EPSS Score
0.006
Published
2022-03-30
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-03-30