Debian: >> Debian Linux >> 11.0 Security Vulnerabilities
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CVSS Score
8.8
EPSS Score
0.25
Published
2022-02-21
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-02-20
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Known exploited
CVSS Score
10.0
EPSS Score
0.944
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS Score
9.8
EPSS Score
0.077
Published
2022-02-18
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-17
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
7.8
EPSS Score
0.023
Published
2022-02-17
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-16
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-16