The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5145 advisory.

  - In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo     function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a     crafted lrz file. (CVE-2018-5786)

  - A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an     attacker to cause a denial of service (DOS) via a crafted compressed file. (CVE-2020-25467)

  - A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers     to cause a denial of service (DOS) via a crafted compressed file. (CVE-2021-27345)

  - Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial     of Service (DoS) via a crafted compressed file. (CVE-2021-27347)

  - lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions     zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service     (DoS) via a crafted Irz file. (CVE-2022-26291)

  - Irzip v0.640 was discovered to contain a heap memory corruption via the component     lrzip.c:initialise_control. (CVE-2022-28044)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5146 advisory.

  - Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with     a proxy which forwards HTTP header values which contain the LF character could allow HTTP request     smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to     another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is     Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via     HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two     requests, and when processing the second request, send back a response that the proxy does not expect. If     the proxy has reused the persistent connection to Puma to send another request for a different client, the     second response from the first client will be sent to the second client. This vulnerability was patched in     Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. (CVE-2021-41136)

  - Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not     always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body     being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of     these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information     leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions     7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the     vulnerability. (CVE-2022-23634)

  - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using     Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230     standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow     requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and     4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of     Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
    (CVE-2022-24790)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3020 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3021 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3016 advisory.

  - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a     specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0     are vulnerable. (CVE-2018-16881)

  - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap     buffer overflow when octet-counted framing is used. This can result in a segfault or some other     malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But     there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
    While there is a check for the maximum number of octets, digits are written to a heap buffer even when the     octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence     of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote     exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing     modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`,     `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to     directly expose them to the public. When this practice is followed, the risk is considerably lower. Module     `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present     on any production installation. Octet-counted framing is not very common. Usually, it needs to be     specifically enabled at senders. If users do not need it, they can turn it off for the most important     modules. This will mitigate the vulnerability. (CVE-2022-24903)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5143 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5144 advisory.

  - HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access     Control. It is possible to use a different authentication method to submit a job than the administrator     has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it     is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)     (CVE-2019-18823)

  - An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When     a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any     entity when issuing additional commands to that daemon. (CVE-2022-26110)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3019 advisory.

  - ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from     stl_remove_degenerate) in connect.c in libadmesh.a. (CVE-2018-25033)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5142 advisory.

  - In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*)     don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a     victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for     example libxslt through 1.1.35, is affected as well. (CVE-2022-29824)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3018 advisory.

  - pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql     database while doing security research. The system using the postgresql library will be attacked when     attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names     provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`,     `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements     the expected interface before instantiating the class. This can lead to code execution loaded via     arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this     issue. (CVE-2022-21724)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3015 advisory.

  - In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the     extraction directory via ../ directory traversal. (CVE-2020-16116)

  - In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction     directory, as demonstrated by a write operation to a user's home directory. (CVE-2020-24654)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3017 advisory.

  - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the     experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an     LDAP search operation when the search filter is processed, due to a lack of proper escaping.
    (CVE-2022-29155)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5140 advisory.

  - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the     experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an     LDAP search operation when the search filter is processed, due to a lack of proper escaping.
    (CVE-2022-29155)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5141 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3013 advisory.

  - needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl,     Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when     needrestart tries to detect if interpreters are using old source files. (CVE-2022-30688)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3014 advisory.

  - CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or     responses with many small (i.e. 1 byte) chunks. (CVE-2020-8659)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5139 advisory.

  - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This     script is distributed by some operating systems in a manner where it is automatically executed. On such     operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of     the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5138 advisory.

  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0     and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230     standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This     would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two     classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use     of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be     parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits;
    and Waitress does not support chunk extensions, however it was discarding them without validating that     they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A     workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality     to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this     functionality though and users are encouraged to upgrade to the latest version of waitress instead.
    (CVE-2022-24761)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2996 advisory.

  - The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of     service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a     crafted .rb file. (CVE-2017-9527)

  - In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when     handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker     that can cause Ruby code to be run can use this to possibly execute arbitrary code. (CVE-2018-10191)

  - The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which     allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash)     or possibly have unspecified other impact. (CVE-2018-11743)

  - An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because     class BasicObject is not properly supported in class.c. (CVE-2018-12249)

  - The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow,     possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not     check for a negative length. (CVE-2018-14337)

  - mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c     because of incorrect VM stack handling. It can be triggered via the stack_copy function. (CVE-2020-15866)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5137 advisory.

  - needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl,     Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when     needrestart tries to detect if interpreters are using old source files. (CVE-2022-30688)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3001 advisory.

  - The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via     the writeReplace() method in internal classes, which may lead to DoS attacks. (CVE-2022-25647)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3012 advisory.

  - In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*)     don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a     victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for     example libxslt through 1.1.35, is affected as well. (CVE-2022-29824)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3011 advisory.

  - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-0261, CVE-2022-0572)

  - Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
    (CVE-2022-0351)

  - Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-0413, CVE-2022-0443)

  - Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. (CVE-2022-1154)

  - Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is     capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution     (CVE-2022-1616)

  - Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
    This vulnerabilities are capable of crashing software, modify memory, and possible remote execution     (CVE-2022-1619)

  - Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This     vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible     remote execution (CVE-2022-1621)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3009 advisory.

  - In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line     argument could lead to local attackers gaining root privileges. (CVE-2022-27239)

  - cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal     sign) characters but is not a valid credentials file. (CVE-2022-29869)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3008 advisory.

  - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This     script is distributed by some operating systems in a manner where it is automatically executed. On such     operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of     the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3007 advisory.

  - A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage()     in coders/svg.c. This issue is due to not checking the return value from libxml2's     xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
    (CVE-2021-3596)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3006 advisory.

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise     Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
    (CVE-2022-21426)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21434)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise     Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies     data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21476)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
    (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3002 advisory.

  - Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to     achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL     database. (CVE-2021-43008)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3004 advisory.

  - There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls     malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc     function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address     boundary error in the jpeg_read_scanlines function. (CVE-2022-27114)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3005 advisory.

  - Irzip v0.640 was discovered to contain a heap memory corruption via the component     lrzip.c:initialise_control. (CVE-2022-28044)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3003 advisory.

  - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient     regular expression that is susceptible to excessive backtracking when attempting to detect encoding in     HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for     this issue. (CVE-2022-24836)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3000 advisory.

  - Waitress through version 1.3.1 implemented a MAY part of the RFC7230 which states: Although the line     terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single     LF as a line terminator and ignore any preceding CR. Unfortunately if a front-end server does not parse     header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the     back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP     request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a     single HTTP message. This issue is fixed in Waitress 1.4.0. (CVE-2019-16785)

  - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string     value, if that value was not chunked it would fall through and use the Content-Length header instead.
    According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most     encoding first, followed by any further transfer codings, ending with chunked. Requests sent with:
    Transfer-Encoding: gzip, chunked would incorrectly get ignored, and the request would use a Content-     Length header instead to determine the body size of the HTTP message. This could allow for Waitress to     treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in     Waitress 1.4.0. (CVE-2019-16786)

  - In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may     be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a     potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters     in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end     server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to     containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server     this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected     information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.
    (CVE-2019-16789)

  - Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice.
    Waitress would header fold a double Content-Length header and due to being unable to cast the now comma     separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers     are sent in a single request, Waitress would treat the request as having no body, thereby treating the     body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
    (CVE-2019-16792)

  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0     and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230     standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This     would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two     classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use     of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be     parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits;
    and Waitress does not support chunk extensions, however it was discarding them without validating that     they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A     workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality     to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this     functionality though and users are encouraged to upgrade to the latest version of waitress instead.
    (CVE-2022-24761)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5135 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5136 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5134 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2991 advisory.

  - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version     22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP     request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to     desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.
    Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a     different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a     different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two     workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by     upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
    (CVE-2022-24801)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2998 advisory.

  - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord     coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted     gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger     this vulnerability. (CVE-2022-23803)

  - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord     coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted     gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger     this vulnerability. (CVE-2022-23804)

  - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber     parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or     excellon file can lead to code execution. An attacker can provide a malicious file to trigger this     vulnerability. (CVE-2022-23946)

  - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber     parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or     excellon file can lead to code execution. An attacker can provide a malicious file to trigger this     vulnerability. (CVE-2022-23947)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2999 advisory.

  - Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read     past end of input line (CVE-2022-1328)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5133 advisory.

  - A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc()     function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer     overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or     potentially execute arbitrary code within the context of the QEMU process. (CVE-2021-4206)

  - A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values     `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object     followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw     to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU     process. (CVE-2021-4207)

  - A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for     CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and     other unexpected results. Affected QEMU version: 6.2.0. (CVE-2022-26353)

  - A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached     from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
    Affected QEMU versions <= 6.2.0. (CVE-2022-26354)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5132 advisory.

  - ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify).
    `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A     signature consisting only of zeroes is always considered valid, making it trivial to forge signatures.
    Requiring multiple signatures from different public keys does not mitigate the issue:
    `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the     `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in     ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and     a CLI utility) are vulnerable. (CVE-2022-24884)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2997 advisory.

  - ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify).
    `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A     signature consisting only of zeroes is always considered valid, making it trivial to forge signatures.
    Requiring multiple signatures from different public keys does not mitigate the issue:
    `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the     `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in     ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and     a CLI utility) are vulnerable. (CVE-2022-24884)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory.

  - Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from     application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php     methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. (CVE-2021-21408)

  - Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from     application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by     crafting a malicious math string. If a math string was passed through as user provided data to the math     function, external users could run arbitrary PHP code by crafting a malicious math string. Users should     upgrade to version 3.1.42 or 4.0.2 to receive a patch. (CVE-2021-29454)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2994 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5130 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5131 advisory.

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise     Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
    (CVE-2022-21426)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21434)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle     GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21449)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise     Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies     data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21476)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
    (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2993 advisory.

  - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many     distant matches. (CVE-2018-25032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5128 advisory.

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise     Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
    (CVE-2022-21426)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21434)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle     GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21449)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise     Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies     data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21476)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
    (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2992 advisory.

  - OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability     when key-method 1 is used, possibly resulting in code execution. (CVE-2017-12166)

  - An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2     (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives     before the data channel crypto parameters have been initialized, the victim's connection will be dropped.
    This requires careful timing due to the small time window (usually within a few seconds) between the     victim client connection starting and the server PUSH_REPLY response back to the client. This attack will     only work if Negotiable Cipher Parameters (NCP) is in use. (CVE-2020-11810)

  - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control     channel data on servers configured with deferred authentication, which can be used to potentially trigger     further information leaks. (CVE-2020-15078)

  - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins     when more than one of them makes use of deferred authentication replies, which allows an external user to     be granted access with only partially correct credentials. (CVE-2022-0547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5127 advisory.

  - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces     subsystem was found in the way users have access to some less privileged process that are controlled by     cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of     control groups. A local user could use this flaw to crash the system or escalate their privileges on the     system. (CVE-2021-4197)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

  - A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a     local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device     is detached and reclaim resources early. (CVE-2022-1195)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information. (CVE-2022-1353)

  - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has     EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)

  - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and     net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap     objects and may cause a local privilege escalation threat. (CVE-2022-27666)

  - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28389)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

  - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring     timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race     condition perhaps can only be exploited infrequently. (CVE-2022-29582)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
161494	Debian DSA-5145-1 : lrzip - security update	critical
161493	Debian DSA-5146-1 : puma - security update	high
161472	Debian DLA-3020-1 : thunderbird - LTS security update	high
161463	Debian DLA-3021-1 : firefox-esr - LTS security update	high
161461	Debian DLA-3016-1 : rsyslog - LTS security update	high
161437	Debian DSA-5143-1 : firefox-esr - security update	high
161436	Debian DSA-5144-1 : condor - security update	critical
161435	Debian DLA-3019-1 : admesh - LTS security update	high
161434	Debian DSA-5142-1 : libxml2 - security update	medium
161433	Debian DLA-3018-1 : libpgjava - LTS security update	critical
161432	Debian DLA-3015-1 : ark - LTS security update	low
161428	Debian DLA-3017-1 : openldap - LTS security update	critical
161404	Debian DSA-5140-1 : openldap - security update	critical
161401	Debian DSA-5141-1 : thunderbird - security update	high
161398	Debian DLA-3013-1 : needrestart - LTS security update	high
161335	Debian DLA-3014-1 : elog - LTS security update	high
161329	Debian DSA-5139-1 : openssl - security update	critical
161328	Debian DSA-5138-1 : waitress - security update	high
161327	Debian DLA-2996-1 : mruby - LTS security update	critical
161254	Debian DSA-5137-1 : needrestart - security update	high
161244	Debian DLA-3001-1 : libgoogle-gson-java - LTS security update	high
161243	Debian DLA-3012-1 : libxml2 - LTS security update	medium
161242	Debian DLA-3011-1 : vim - LTS security update	critical
161218	Debian DLA-3009-1 : cifs-utils - LTS security update	high
161207	Debian DLA-3008-1 : openssl - LTS security update	critical
161205	Debian DLA-3007-1 : imagemagick - LTS security update	high
161203	Debian DLA-3006-1 : openjdk-8 - LTS security update	high
161202	Debian DLA-3002-1 : adminer - LTS security update	high
161201	Debian DLA-3004-1 : htmldoc - LTS security update	medium
161200	Debian DLA-3005-1 : lrzip - LTS security update	critical
161199	Debian DLA-3003-1 : ruby-nokogiri - LTS security update	high
161188	Debian DLA-3000-1 : waitress - LTS security update	high
161154	Debian DSA-5135-1 : postgresql-11 - security update	high
161153	Debian DSA-5136-1 : postgresql-13 - security update	high
161150	Debian DSA-5134-1 : chromium - security update	critical
160979	Debian DLA-2991-1 : twisted - LTS security update	high
160978	Debian DLA-2998-1 : kicad - LTS security update	high
160971	Debian DLA-2999-1 : mutt - LTS security update	medium
160887	Debian DSA-5133-1 : qemu - security update	high
160846	Debian DSA-5132-1 : ecdsautils - security update	high
160714	Debian DLA-2997-1 : ecdsautils - LTS security update	high
160680	Debian DLA-2995-1 : smarty3 - LTS security update	high
160631	Debian DLA-2994-1 : firefox-esr - LTS security update	high
160629	Debian DSA-5130-1 : dpdk - security update	critical
160628	Debian DSA-5131-1 : openjdk-11 - security update	high
160540	Debian DSA-5129-1 : firefox-esr - security update	high
160528	Debian DLA-2993-1 : libz-mingw-w64 - LTS security update	high
160525	Debian DSA-5128-1 : openjdk-17 - security update	high
160475	Debian DLA-2992-1 : openvpn - LTS security update	critical
160469	Debian DSA-5127-1 : linux - security update	high

Debian Local Security Checks Family for Nessus

critical

high

high

high

high

high

critical

high

medium

critical

low

critical

critical

high

high

high

critical

high

critical

high

high

medium

critical

high

critical

high

high

high

medium

critical

high

high

high

high

critical

high

high

medium

high

high

high

high

high

critical

high

high

high

high

critical

high