The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3216 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3218 advisory.

  - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either     `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create     a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable     by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory     is shared between all users on that system. Because of this, when files and directories are written into     this directory they are, by default, readable by other users on that same system. This vulnerability does     not allow other users to overwrite the contents of these directories or files. This is purely an     information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7,     this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this     vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to     patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a     directory that is exclusively owned by the executing user will mitigate this vulnerability.
    (CVE-2022-41946)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3215 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3217 advisory.

  - g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make     supported device nodes world-readable and writable, allowing any process on the system to read traffic     from keyboards, including sensitive data. (CVE-2022-46338)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5292 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3214 advisory.

  - LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp,     postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,     malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. (CVE-2020-15503)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3213 advisory.

  - krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3210 advisory.

  - A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of     Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to     code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40401)

  - An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of     Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can     exploit the missing initialization of a structure to leak memory contents. An attacker can provide a     malicious file to trigger this vulnerability. (CVE-2021-40403)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3212 advisory.

  - Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host     header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource`     resource which renders the Host header unescaped into the 404 response allowing HTML and script injection.
    In practice this should be very difficult to exploit as being able to modify the Host header of a normal     HTTP request implies that one is already in a privileged position. This issue was fixed in version     22.10.0rc1. There are no known workarounds. (CVE-2022-39348)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5291 advisory.

  - compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited     recursion, a different issue than CVE-2019-11413. (CVE-2022-30974)

  - In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated     by mujs-pp. (CVE-2022-30975)

  - A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an     attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted     JavaScript file. (CVE-2022-44789)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3211 advisory.

  - An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and     denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. (CVE-2022-37032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory.

  - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically     evaluated and expanded. The standard format for interpolation is ${prefix:name}, where prefix is used     to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the     interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances     included interpolators that could result in arbitrary code execution or contact with remote servers. These     lookups are: - script - execute expressions using the JVM script execution engine (javax.script) - dns
    - resolve dns records - url - load values from urls, including from remote servers Applications using     the interpolation defaults in the affected versions may be vulnerable to remote code execution or     unintentional contact with remote servers if untrusted configuration values are used. Users are     recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators     by default. (CVE-2022-33980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5289 advisory.

  - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (Chromium security severity: High) (CVE-2022-4135)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3208 advisory.

  - An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before     6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an     assertion failure and daemon restart, which causes a performance loss. (CVE-2020-11653)

  - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2,     and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are     invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1     requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the     Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. (CVE-2022-45060)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3207 advisory.

  - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large     depth of nested objects. (CVE-2020-36518)

  - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a     check in primitive value deserializers to avoid deep wrapper array nesting, when the     UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1     (CVE-2022-42003)

  - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in     BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is     vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3206 advisory.

  - All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue,     where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be     opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by     forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute     delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD     DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the     not-delegated flag set. (CVE-2019-14870)

  - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ     (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
    (CVE-2021-3671)

  - Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a     denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via     PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users     should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. (CVE-2022-41916)

  - The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines     of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer     overflow and perform a denial of service (DoS) attack. (CVE-2022-3437)

  - The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by means of     tickets that can contain Privilege Attribute Certificates (PACs). Both the Heimdal and MIT Kerberos     libraries, and so the embedded Heimdal shipped by Samba suffer from an integer multiplication overflow     when calculating how many bytes to allocate for a buffer for the parsed PAC. On a 32-bit system an     overflow allows placement of 16-byte chunks of entirely attacker- controlled data. (Because the user's     control over this calculation is limited to an unsigned 32-bit value, 64-bit systems are not impacted).
    The server most vulnerable is the KDC, as it will parse an attacker-controlled PAC in the S4U2Proxy     handler. The secondary risk is to Kerberos-enabled file server installations in a non-AD realm. A non-AD     Heimdal KDC controlling such a realm may pass on an attacker-controlled PAC within the service ticket.
    (CVE-2022-42898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3205 advisory.

  - Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to     stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-     based overflow is present in the handling of environment variables when connecting via the telnet client     to remote telnet servers. This issue only affects the telnet client  accessible from the CLI or shell     in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks     Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions     prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior     to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1     versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3;
    17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions     prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to     18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3,     18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. (CVE-2019-0053)

  - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to     a given IP address and port, and this way potentially make curl extract information about services that     are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
    (CVE-2020-8284)

  - The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to     make sure they match the server address. This is similar to CVE-2020-8284 for curl. (CVE-2021-40491)

  - telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer     dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but     the telnet service would remain available through inetd. However, if the telnetd application has many     crashes within a short time interval, the telnet service would become unavailable after inetd logs a     telnet/tcp server failing (looping), service terminated error. NOTE: MIT krb5-appl is not supported     upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT     Kerberos 5 (aka krb5) product many years ago, at version 1.8. (CVE-2022-39028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5288 advisory.

  - In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3204 advisory.

  - Heap-based Buffer Overflow in vim/vim prior to 8.2. (CVE-2022-0318)

  - Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. (CVE-2022-0392)

  - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0629)

  - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. (CVE-2022-0696)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. (CVE-2022-1785)

  - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-1897, CVE-2022-2000,     CVE-2022-2129)

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-1942)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

  - Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3203 advisory.

  - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing     different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A     MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one     subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-     protocol attacks may be possible where the behavior of one protocol service may compromise the other at     the application layer. (CVE-2021-3618)

  - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1     and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module     ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its     termination or potential other impact using a specially crafted audio or video file. The issue affects     only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the     configuration file. Further, the attack is possible only if an attacker can trigger processing of a     specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41741)

  - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1     and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module     ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in     worker process memory disclosure by using a specially crafted audio or video file. The issue affects only     NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the     configuration file. Further, the attack is possible only if an attacker can trigger processing of a     specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41742)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3202 advisory.

  - In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because     of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
    (CVE-2019-19221)

  - An improper link resolution flaw while extracting an archive can lead to changing the access control list     (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would     trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL     of a file on the system and gain more privileges. (CVE-2021-23177)

  - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times,     access control lists, and flags of a file outside of the archive. An attacker may provide a malicious     archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker     may use this flaw to gain more privileges in a system. (CVE-2021-31566)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5287 advisory.

  - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ     (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
    (CVE-2021-3671)

  - Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a     denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via     PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users     should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. (CVE-2022-41916)

  - The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines     of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer     overflow and perform a denial of service (DoS) attack. (CVE-2022-3437)

  - The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by means of     tickets that can contain Privilege Attribute Certificates (PACs). Both the Heimdal and MIT Kerberos     libraries, and so the embedded Heimdal shipped by Samba suffer from an integer multiplication overflow     when calculating how many bytes to allocate for a buffer for the parsed PAC. On a 32-bit system an     overflow allows placement of 16-byte chunks of entirely attacker- controlled data. (Because the user's     control over this calculation is limited to an unsigned 32-bit value, 64-bit systems are not impacted).
    The server most vulnerable is the KDC, as it will parse an attacker-controlled PAC in the S4U2Proxy     handler. The secondary risk is to Kerberos-enabled file server installations in a non-AD realm. A non-AD     Heimdal KDC controlling such a realm may pass on an attacker-controlled PAC within the service ticket.
    (CVE-2022-42898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3201 advisory.

  - A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause     code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically     proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an     external storage device. (CVE-2022-40284)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3200 advisory.

  - In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5286 advisory.

  - The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by means of     tickets that can contain Privilege Attribute Certificates (PACs). Both the Heimdal and MIT Kerberos     libraries, and so the embedded Heimdal shipped by Samba suffer from an integer multiplication overflow     when calculating how many bytes to allocate for a buffer for the parsed PAC. On a 32-bit system an     overflow allows placement of 16-byte chunks of entirely attacker- controlled data. (Because the user's     control over this calculation is limited to an unsigned 32-bit value, 64-bit systems are not impacted).
    The server most vulnerable is the KDC, as it will parse an attacker-controlled PAC in the S4U2Proxy     handler. The secondary risk is to Kerberos-enabled file server installations in a non-AD realm. A non-AD     Heimdal KDC controlling such a realm may pass on an attacker-controlled PAC within the service ticket.
    (CVE-2022-42898)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3194 advisory.

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a     subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all     users that use STUN. A malicious actor located within the victim's network may forge and send a specially     crafted UDP (STUN) message that could remotely execute arbitrary code on the victim's machine. Users are     advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-37706)

  - Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43299)

  - Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43300)

  - Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names'     argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size     validation. (CVE-2021-43301)

  - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename'     argument may cause an out-of-bounds read when the filename is shorter than 4 characters. (CVE-2021-43302)

  - Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may     cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the     output buffer, regardless of the 'maxlen' argument supplied (CVE-2021-43303)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     RTCP BYE message contains a reason's length, this declared length is not checked against the actual     received packet size, potentially resulting in an out-of-bound read access. This issue affects all users     that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length.
    Users are advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-43804)

  - PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming     RTCP XR message contain block, the data field is not checked against the received packet size, potentially     resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious     actor can send a RTCP XR message with an invalid packet size. (CVE-2021-43845)

  - res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and     Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and     zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the     CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append     operation relative to the active topology, but this should instead be a replace operation.
    (CVE-2021-46837)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there     are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-     of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch     is available as a commit in the `master` branch. There are no known workarounds. (CVE-2022-21722)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing     an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read     access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in     the `master` branch. There are no known workarounds. (CVE-2022-21723)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including     2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can     potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set     to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior     such as dialog list collision which eventually leading to endless loop. A patch is available in commit     db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known     workarounds for this issue. (CVE-2022-23608)

  - PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12     and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML     parsing in their apps. Users are advised to update. There are no known workarounds. (CVE-2022-24763)

  - PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior     contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API     `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly     call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on     the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
    (CVE-2022-24764)

  - PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and     prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any     app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master`     branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
    (CVE-2022-24786)

  - PJSIP is a free and open source multimedia communication library written in C. A denial-of-service     vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read     invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than     31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays     trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository.
    As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
    (CVE-2022-24792)

  - PJSIP is a free and open source multimedia communication library written in C. A buffer overflow     vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't     affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the     `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting     `nameserver_count` to zero) or use an external resolver instead. (CVE-2022-24793)

  - An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files     that are not certificates. These files could be much larger than what one would expect to download,     leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. (CVE-2022-26498)

  - An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send     arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is     fixed in 16.25.2, 18.11.2, and 19.3.2. (CVE-2022-26499)

  - An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc     module provides possibly inadequate escaping functionality for backslash characters in SQL queries,     resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in     16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. (CVE-2022-26651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3199 advisory.

  - Service Workers should not be able to infer information about opaque cross-origin responses; but timing     information for cross-origin media combined with Range requests might have allowed them to determine the     presence or length of a media file.  (CVE-2022-45403)

  - Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go     fullscreen without the user seeing the notification prompt, resulting in potential user confusion or     spoofing attacks.  (CVE-2022-45404)

  - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a     use-after-free and potentially exploitable crash.  (CVE-2022-45405)

  - If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be     deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a     potentially exploitable crash.  (CVE-2022-45406)

  - Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without     the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.
    (CVE-2022-45408)

  - The garbage collector could have been aborted in several states and zones and     <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and     potentially exploitable crash  (CVE-2022-45409)

  - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was     lost after the ServiceWorker took ownership of it.  This had the effect of negating SameSite cookie     protections.  This was addressed in the spec and then in browsers.  (CVE-2022-45410)

  - Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS     attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies     protected by HTTPOnly).  To mitigate this attack, browsers placed limits on <code>fetch()</code> and     XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-     Override</code> that override the HTTP method, and made this attack possible again.  Firefox has applied     the same mitigations to the use of this and similar headers.  (CVE-2022-45411)

  - When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced     where the symlink was resolved to a string containing unitialized memory in the buffer.  This bug only     affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.
    (CVE-2022-45412)

  - Keyboard events reference strings like KeyA that were at fixed, known, and widely-spread addresses.
    Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being     pressed.  (CVE-2022-45416)

  - If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn     over the browser UI, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45418)

  - Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the     boundaries of the iframe, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45420)

  - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106     and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code.  (CVE-2022-45421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5284 advisory.

  - Service Workers should not be able to infer information about opaque cross-origin responses; but timing     information for cross-origin media combined with Range requests might have allowed them to determine the     presence or length of a media file.  (CVE-2022-45403)

  - Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go     fullscreen without the user seeing the notification prompt, resulting in potential user confusion or     spoofing attacks.  (CVE-2022-45404)

  - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a     use-after-free and potentially exploitable crash.  (CVE-2022-45405)

  - If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be     deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a     potentially exploitable crash.  (CVE-2022-45406)

  - Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without     the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.
    (CVE-2022-45408)

  - The garbage collector could have been aborted in several states and zones and     <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and     potentially exploitable crash  (CVE-2022-45409)

  - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was     lost after the ServiceWorker took ownership of it.  This had the effect of negating SameSite cookie     protections.  This was addressed in the spec and then in browsers.  (CVE-2022-45410)

  - Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS     attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies     protected by HTTPOnly).  To mitigate this attack, browsers placed limits on <code>fetch()</code> and     XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-     Override</code> that override the HTTP method, and made this attack possible again.  Firefox has applied     the same mitigations to the use of this and similar headers.  (CVE-2022-45411)

  - When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced     where the symlink was resolved to a string containing unitialized memory in the buffer.  This bug only     affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.
    (CVE-2022-45412)

  - Keyboard events reference strings like KeyA that were at fixed, known, and widely-spread addresses.
    Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being     pressed.  (CVE-2022-45416)

  - If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn     over the browser UI, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45418)

  - Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the     boundaries of the iframe, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45420)

  - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106     and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code.  (CVE-2022-45421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5285 advisory.

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a     subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all     users that use STUN. A malicious actor located within the victim's network may forge and send a specially     crafted UDP (STUN) message that could remotely execute arbitrary code on the victim's machine. Users are     advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-37706)

  - Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43299)

  - Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43300)

  - Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names'     argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size     validation. (CVE-2021-43301)

  - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename'     argument may cause an out-of-bounds read when the filename is shorter than 4 characters. (CVE-2021-43302)

  - Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may     cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the     output buffer, regardless of the 'maxlen' argument supplied (CVE-2021-43303)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     RTCP BYE message contains a reason's length, this declared length is not checked against the actual     received packet size, potentially resulting in an out-of-bound read access. This issue affects all users     that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length.
    Users are advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-43804)

  - PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming     RTCP XR message contain block, the data field is not checked against the received packet size, potentially     resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious     actor can send a RTCP XR message with an invalid packet size. (CVE-2021-43845)

  - res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and     Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and     zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the     CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append     operation relative to the active topology, but this should instead be a replace operation.
    (CVE-2021-46837)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there     are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-     of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch     is available as a commit in the `master` branch. There are no known workarounds. (CVE-2022-21722)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing     an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read     access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in     the `master` branch. There are no known workarounds. (CVE-2022-21723)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including     2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can     potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set     to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior     such as dialog list collision which eventually leading to endless loop. A patch is available in commit     db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known     workarounds for this issue. (CVE-2022-23608)

  - PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12     and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML     parsing in their apps. Users are advised to update. There are no known workarounds. (CVE-2022-24763)

  - PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior     contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API     `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly     call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on     the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
    (CVE-2022-24764)

  - PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and     prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any     app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master`     branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
    (CVE-2022-24786)

  - PJSIP is a free and open source multimedia communication library written in C. A denial-of-service     vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read     invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than     31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays     trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository.
    As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
    (CVE-2022-24792)

  - PJSIP is a free and open source multimedia communication library written in C. A buffer overflow     vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't     affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the     `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting     `nameserver_count` to zero) or use an external resolver instead. (CVE-2022-24793)

  - An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files     that are not certificates. These files could be much larger than what one would expect to download,     leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. (CVE-2022-26498)

  - An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send     arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is     fixed in 16.25.2, 18.11.2, and 19.3.2. (CVE-2022-26499)

  - An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc     module provides possibly inadequate escaping functionality for backslash characters in SQL queries,     resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in     16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. (CVE-2022-26651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3195 advisory.

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3196 advisory.

  - Service Workers should not be able to infer information about opaque cross-origin responses; but timing     information for cross-origin media combined with Range requests might have allowed them to determine the     presence or length of a media file.  (CVE-2022-45403)

  - Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go     fullscreen without the user seeing the notification prompt, resulting in potential user confusion or     spoofing attacks.  (CVE-2022-45404)

  - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a     use-after-free and potentially exploitable crash.  (CVE-2022-45405)

  - If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be     deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a     potentially exploitable crash.  (CVE-2022-45406)

  - Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without     the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.
    (CVE-2022-45408)

  - The garbage collector could have been aborted in several states and zones and     <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and     potentially exploitable crash  (CVE-2022-45409)

  - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was     lost after the ServiceWorker took ownership of it.  This had the effect of negating SameSite cookie     protections.  This was addressed in the spec and then in browsers.  (CVE-2022-45410)

  - Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS     attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies     protected by HTTPOnly).  To mitigate this attack, browsers placed limits on <code>fetch()</code> and     XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-     Override</code> that override the HTTP method, and made this attack possible again.  Firefox has applied     the same mitigations to the use of this and similar headers.  (CVE-2022-45411)

  - When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced     where the symlink was resolved to a string containing unitialized memory in the buffer.  This bug only     affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.
    (CVE-2022-45412)

  - Keyboard events reference strings like KeyA that were at fixed, known, and widely-spread addresses.
    Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being     pressed.  (CVE-2022-45416)

  - If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn     over the browser UI, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45418)

  - Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the     boundaries of the iframe, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45420)

  - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106     and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code.  (CVE-2022-45421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3198 advisory.

  - phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
    (CVE-2021-30130)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5283 advisory.

  - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large     depth of nested objects. (CVE-2020-36518)

  - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a     check in primitive value deserializers to avoid deep wrapper array nesting, when the     UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1     (CVE-2022-42003)

  - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in     BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is     vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3197 advisory.

  - phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
    (CVE-2021-30130)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3193 advisory.

  - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch     flag in Parallel() class due to the eval() statement. (CVE-2022-21797)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory.

  - In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in     lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-     gunicorn service to execute user-provided code on the server. (CVE-2022-42902)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3191 advisory.

  - Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory     traversal if crafted filenames are directly passed to it. (CVE-2021-45452)

  - The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not     properly encode the current context. This may lead to XSS. (CVE-2022-22818)

  - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before     4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
    (CVE-2022-23833)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5282 advisory.

  - Service Workers should not be able to infer information about opaque cross-origin responses; but timing     information for cross-origin media combined with Range requests might have allowed them to determine the     presence or length of a media file.  (CVE-2022-45403)

  - Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go     fullscreen without the user seeing the notification prompt, resulting in potential user confusion or     spoofing attacks.  (CVE-2022-45404)

  - Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a     use-after-free and potentially exploitable crash.  (CVE-2022-45405)

  - If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be     deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a     potentially exploitable crash.  (CVE-2022-45406)

  - Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without     the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks.
    (CVE-2022-45408)

  - The garbage collector could have been aborted in several states and zones and     <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and     potentially exploitable crash  (CVE-2022-45409)

  - When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was     lost after the ServiceWorker took ownership of it.  This had the effect of negating SameSite cookie     protections.  This was addressed in the spec and then in browsers.  (CVE-2022-45410)

  - Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS     attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies     protected by HTTPOnly).  To mitigate this attack, browsers placed limits on <code>fetch()</code> and     XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-     Override</code> that override the HTTP method, and made this attack possible again.  Firefox has applied     the same mitigations to the use of this and similar headers.  (CVE-2022-45411)

  - When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced     where the symlink was resolved to a string containing unitialized memory in the buffer.  This bug only     affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.
    (CVE-2022-45412)

  - Keyboard events reference strings like KeyA that were at fixed, known, and widely-spread addresses.
    Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being     pressed.  (CVE-2022-45416)

  - If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn     over the browser UI, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45418)

  - Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the     boundaries of the iframe, resulting in potential user confusion or spoofing attacks.  (CVE-2022-45420)

  - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106     and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code.  (CVE-2022-45421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3190 advisory.

  - grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure     boot bypass (CVE-2022-2601)

  - grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5281 advisory.

  - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1     and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module     ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its     termination or potential other impact using a specially crafted audio or video file. The issue affects     only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the     configuration file. Further, the attack is possible only if an attacker can trigger processing of a     specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41741)

  - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1     and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module     ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in     worker process memory disclosure by using a specially crafted audio or video file. The issue affects only     NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the     configuration file. Further, the attack is possible only if an attacker can trigger processing of a     specially crafted audio or video file with the module ngx_http_mp4_module. (CVE-2022-41742)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5280 advisory.

  - grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure     boot bypass (CVE-2022-2601)

  - grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5279 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3189 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5277 advisory.

  - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress     quines gzip files, resulting in an infinite loop. (CVE-2022-31628)

  - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site     attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or     `__Secure-` cookie by PHP applications. (CVE-2022-31629)

  - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer     overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
    This occurs in the sponge function interface. (CVE-2022-37454)

  - The vulnerability exists due to a boundary condition within the imageloadfont() function. A remote     attacker can pass specially crafted data to the web application, trigger an out-of-bounds read error and     read contents of memory on the system. (CVE-2022-31630)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5278 advisory.

  - A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the     function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is     recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is     VDB-211051. (CVE-2022-3550)

  - A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this     issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It     is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
    (CVE-2022-3551)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3188 advisory.

  - sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
    (CVE-2019-16167)

  - sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. (CVE-2019-19725)

  - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in     versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in     sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic     multiplication, allowing for an overflow in the size allocated for the buffer representing system     activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version     12.7.1. (CVE-2022-39377)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3187 advisory.

  - An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available     authentication methods in the client-side SSH code, it is possible for an SSH server to change the login     process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-     Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server     unnoticed. (CVE-2021-36369)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3184 advisory.

  - Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks     (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the     parser to crash by stackoverflow. This effect may support a denial of service attack. (CVE-2022-40149)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5276 advisory.

  - In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in     rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. (CVE-2022-44638)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3186 advisory.

  - There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of     Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (CVE-2017-11683)

  - A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of     service (DOS). (CVE-2020-19716)

  - A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function     QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler.
    The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the     patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue.
    The identifier of this vulnerability is VDB-212496. (CVE-2022-3756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
168386	Debian DLA-3216-1 : vlc - LTS security update	critical
168385	Debian DLA-3218-1 : libpgjava - LTS security update	medium
168380	Debian DLA-3215-1 : snapd - LTS security update	high
168379	Debian DLA-3217-1 : g810-led - LTS security update	medium
168338	Debian DSA-5292-1 : snapd - security update	high
168315	Debian DLA-3214-1 : libraw - LTS security update	high
168264	Debian DLA-3213-1 : krb5 - LTS security update	medium
168260	Debian DLA-3210-1 : gerbv - LTS security update	high
168233	Debian DLA-3212-1 : twisted - LTS security update	medium
168232	Debian DSA-5291-1 : mujs - security update	high
168229	Debian DLA-3211-1 : frr - LTS security update	critical
168228	Debian DSA-5290-1 : commons-configuration2 - security update	critical
168215	Debian DSA-5289-1 : chromium - security update	critical
168207	Debian DLA-3208-1 : varnish - LTS security update	high
168206	Debian DLA-3207-1 : jackson-databind - LTS security update	high
168205	Debian DLA-3206-1 : heimdal - LTS security update	medium
168204	Debian DLA-3205-1 : inetutils - LTS security update	high
168194	Debian DSA-5288-1 : graphicsmagick - security update	high
168183	Debian DLA-3204-1 : vim - LTS security update	critical
168171	Debian DLA-3203-1 : nginx - LTS security update	high
168147	Debian DLA-3202-1 : libarchive - LTS security update	high
168145	Debian DSA-5287-1 : heimdal - security update	high
168049	Debian DLA-3201-1 : ntfs-3g - LTS security update	high
168015	Debian DLA-3200-1 : graphicsmagick - LTS security update	high
168002	Debian DSA-5286-1 : krb5 - security update	medium
167926	Debian DLA-3194-1 : asterisk - LTS security update	critical
167917	Debian DLA-3199-1 : firefox-esr - LTS security update	medium
167916	Debian DSA-5284-1 : thunderbird - security update	medium
167915	Debian DSA-5285-1 : asterisk - security update	critical
167914	Debian DLA-3195-1 : jupyter-core - LTS security update	high
167913	Debian DLA-3196-1 : thunderbird - LTS security update	medium
167912	Debian DLA-3198-1 : php-phpseclib - LTS security update	high
167911	Debian DSA-5283-1 : jackson-databind - security update	high
167910	Debian DLA-3197-1 : phpseclib - LTS security update	high
167785	Debian DLA-3193-1 : joblib - LTS security update	critical
167781	Debian DLA-3192-1 : lava - LTS security update	high
167780	Debian DLA-3191-1 : python-django - LTS security update	medium
167776	Debian DSA-5282-1 : firefox-esr - security update	critical
167748	Debian DLA-3190-1 : grub2 - LTS security update	medium
167747	Debian DSA-5281-1 : nginx - security update	high
167746	Debian DSA-5280-1 : grub2 - security update	medium
167631	Debian DSA-5279-1 : wordpress - security update	high
167532	Debian DLA-3189-1 : postgresql-11 - LTS security update	high
167434	Debian DSA-5277-1 : php7.4 - security update	critical
167433	Debian DSA-5278-1 : xorg-server - security update	high
167432	Debian DLA-3188-1 : sysstat - LTS security update	critical
167353	Debian DLA-3187-1 : dropbear - LTS security update	high
167296	Debian DLA-3184-1 : libjettison-java - LTS security update	high
167295	Debian DSA-5276-1 : pixman - security update	high
167277	Debian DLA-3186-1 : exiv2 - LTS security update	high

Debian Local Security Checks Family for Nessus

critical

medium

high

medium

high

high

medium

high

medium

high

critical

critical

critical

high

high

medium

high

high

critical

high

high

high

high

high

medium

critical

medium

medium

critical

high

medium

high

high

high

critical

high

medium

critical

medium

high

medium

high

high

critical

high

critical

high

high

high

high