Debian: >> Debian Linux Security Vulnerabilities
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-02-24
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-02-24
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-24
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVSS Score
7.8
EPSS Score
0.006
Published
2022-02-23
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVSS Score
8.4
EPSS Score
0.003
Published
2022-02-22
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
CVSS Score
8.1
EPSS Score
0.008
Published
2022-02-22
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-21
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVSS Score
6.2
EPSS Score
0.002
Published
2022-02-21
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVSS Score
8.8
EPSS Score
0.374
Published
2022-02-21
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS Score
5.5
EPSS Score
0.007
Published
2022-02-20