Debian: >> Debian Linux >> 9.0 Security Vulnerabilities
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-02-24
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-02-24
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-02-24
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-24
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-02-23
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVSS Score
8.4
EPSS Score
0.002
Published
2022-02-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
CVSS Score
8.1
EPSS Score
0.005
Published
2022-02-22
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-02-20
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVSS Score
8.4
EPSS Score
0.003
Published
2022-02-20
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Known exploited
CVSS Score
10.0
EPSS Score
0.944
Published
2022-02-18