The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5130 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5131 advisory.

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise     Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
    (CVE-2022-21426)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21434)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle     GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21449)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise     Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies     data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21476)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
    (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2993 advisory.

  - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many     distant matches. (CVE-2018-25032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5128 advisory.

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise     Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
    (CVE-2022-21426)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21434)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21443)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle     GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21449)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14,     17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise     Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients     running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code     (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability     can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies     data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21476)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,     18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes     from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by     using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS     3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
    (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2992 advisory.

  - OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability     when key-method 1 is used, possibly resulting in code execution. (CVE-2017-12166)

  - An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2     (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives     before the data channel crypto parameters have been initialized, the victim's connection will be dropped.
    This requires careful timing due to the small time window (usually within a few seconds) between the     victim client connection starting and the server PUSH_REPLY response back to the client. This attack will     only work if Negotiable Cipher Parameters (NCP) is in use. (CVE-2020-11810)

  - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control     channel data on servers configured with deferred authentication, which can be used to potentially trigger     further information leaks. (CVE-2020-15078)

  - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins     when more than one of them makes use of deferred authentication replies, which allows an external user to     be granted access with only partially correct credentials. (CVE-2022-0547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5127 advisory.

  - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces     subsystem was found in the way users have access to some less privileged process that are controlled by     cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of     control groups. A local user could use this flaw to crash the system or escalate their privileges on the     system. (CVE-2021-4197)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

  - A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a     local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device     is detached and reclaim resources early. (CVE-2022-1195)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information. (CVE-2022-1353)

  - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has     EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)

  - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and     net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap     objects and may cause a local privilege escalation threat. (CVE-2022-27666)

  - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28389)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

  - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring     timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race     condition perhaps can only be exploited infrequently. (CVE-2022-29582)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2990 advisory.

  - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large     depth of nested objects. (CVE-2020-36518)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2988 advisory.

  - TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the     TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
    (CVE-2021-42260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2987 advisory.

  - In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because     of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
    (CVE-2019-19221)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5126 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2989 advisory.

  - Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an     incomplete fix for CVE-2019-3839. (CVE-2019-25059)

  - It was found that in ghostscript some privileged operators remained accessible from various places after     the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example,     have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before     9.27 are vulnerable. (CVE-2019-3839)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2985 advisory.

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested     expression. (CVE-2022-24921)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2986 advisory.

  - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to     Uncontrolled Memory Consumption. (CVE-2022-23772)

  - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return     true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested     expression. (CVE-2022-24921)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5125 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5124 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5109 advisory.

  - There is a stack-based buffer overflow in the third instance of the calculate_gain function in     libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a     denial of service or possibly unspecified other impact because the S_M array is mishandled.
    (CVE-2018-20196)

  - A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio     Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads     to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.
    (CVE-2018-20199)

  - An invalid memory address dereference was discovered in the sbr_process_channel function of     libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a     segmentation fault and application crash, which leads to denial of service. (CVE-2018-20360)

  - An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in     ps_mix_phase in libfaad/ps_dec.c. (CVE-2019-6956)

  - An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin     located in mp4read.c. It allows an attacker to cause Code Execution. (CVE-2021-32272)

  - An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin     located in mp4read.c. It allows an attacker to cause Code Execution. (CVE-2021-32273)

  - An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function     sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. (CVE-2021-32274)

  - An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function     get_sample() located in output.c. It allows an attacker to cause Denial of Service. (CVE-2021-32276)

  - An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function     sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. (CVE-2021-32277)

  - An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function     lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. (CVE-2021-32278)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5122 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5120 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5123 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5121 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2983 advisory.

  - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows     remote attackers to cause a denial of service (application crash) or possibly have unspecified other     impact. (CVE-2018-10753)

  - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote     attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
    (CVE-2018-10771)

  - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause     a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed     version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. (CVE-2019-1010069)

  - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
    (CVE-2021-32434)

  - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers     to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)

  - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers     to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2974 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2982 advisory.

  - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
    QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a     crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2981 advisory.

  - In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo     function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a     crafted lrz file. (CVE-2018-5786)

  - A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an     attacker to cause a denial of service (DOS) via a crafted compressed file. (CVE-2020-25467)

  - A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers     to cause a denial of service (DOS) via a crafted compressed file. (CVE-2021-27345)

  - Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial     of Service (DoS) via a crafted compressed file. (CVE-2021-27347)

  - lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions     zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service     (DoS) via a crafted Irz file. (CVE-2022-26291)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5119 advisory.

  - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths     that should be hidden according to configured path-based authorization (authz) rules. When a node has been     copied from a protected location, users with access to the copy can see the 'copyfrom' path of the     original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not     its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)

  - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization     rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion     mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not     affected. (CVE-2022-24070)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2980 advisory.

  - An authenticated user can create a link with reflected XSS payload for actions' pages, and send it to     other users. Malicious code has access to all the same objects as the rest of the web page and can make     arbitrary modifications to the contents of the page being displayed to a victim. This attack can be     implemented with the help of social engineering and expiration of a number of factors - an attacker should     have authorized access to the Zabbix Frontend and allowed network connection between a malicious server     and victim's computer, understand attacked infrastructure, be recognized by the victim as a trustee and     use trusted communication channel. (CVE-2022-24349)

  - An authenticated user can create a link with reflected Javascript code inside it for services' page and     send it to other users. The payload can be executed only with a known CSRF token value of the victim,     which is changed periodically and is difficult to predict. Malicious code has access to all the same     objects as the rest of the web page and can make arbitrary modifications to the contents of the page being     displayed to a victim during social engineering attacks. (CVE-2022-24917)

  - An authenticated user can create a link with reflected Javascript code inside it for graphs' page and send     it to other users. The payload can be executed only with a known CSRF token value of the victim, which is     changed periodically and is difficult to predict. Malicious code has access to all the same objects as the     rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a     victim during social engineering attacks. (CVE-2022-24919)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2979 advisory.

  - An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an     unprivileged user could make USBGuard allow all USB devices to be connected in the future.
    (CVE-2019-25058)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2978 advisory.

  - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in     mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched     by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This     guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in     the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing,     and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial     of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted     regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is     include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade     immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic     regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability.
    Because of this, it us not recommend to deny known problematic regexes. (CVE-2022-24713)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2973 advisory.

  - A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to     exfiltrate media files. (CVE-2022-26505)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2976 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2975 advisory.

  - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide     crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of     this flaw is to application availability. (CVE-2020-27842)

  - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially     crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest     threat from this vulnerability is system availability. (CVE-2020-27843)

  - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of     Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that     contains 1048576 files. (CVE-2021-29338)

  - A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input     directory with a large number of files. When it fails to allocate a buffer to store the filenames of the     input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial     of service. (CVE-2022-1122)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2977 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2972 advisory.

  - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag     directly indicating that the current document may be read but other files may not be opened, which makes     it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
    (CVE-2016-9318)

  - parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
    (CVE-2017-16932)

  - An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62     and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML     file. (CVE-2017-5130)

  - ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of     service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states I would     disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least     for XML parser. (CVE-2017-5969)

  - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5114 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2971 advisory.

  - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in     mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched     by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This     guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in     the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing,     and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial     of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted     regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is     include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade     immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic     regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability.
    Because of this, it us not recommend to deny known problematic regexes. (CVE-2022-24713)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5113 advisory.

  - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in     mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched     by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This     guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in     the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing,     and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial     of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted     regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is     include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade     immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic     regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability.
    Because of this, it us not recommend to deny known problematic regexes. (CVE-2022-24713)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2970 advisory.

  - A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while     processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
    This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of     service. The highest threat from this vulnerability is to system availability. (CVE-2021-20196)

  - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw     exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the     size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory     disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw     affects libslirp versions prior to 4.6.0. (CVE-2021-3593)

  - A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the     descriptor's address belongs to the non direct access region, due to num_buffers being set after the     virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a     denial of service condition, or potentially execute code on the host with the privileges of the QEMU     process. (CVE-2021-3748)

  - An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE     SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious     guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
    (CVE-2021-3930)

  - A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached     from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
    Affected QEMU versions <= 6.2.0. (CVE-2022-26354)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5112 advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2966 advisory.

  - Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial     of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
    (CVE-2016-9427)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2969 advisory.

  - An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x     through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while     handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing     T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38     re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL     stream and another media stream containing only a codec (which is not permitted according to the chan_sip     configuration). (CVE-2019-13161)

  - An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk     13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system     authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.
    (CVE-2019-18610)

  - An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before     16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to     Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be     hijacked as a result. The only thing that needs to be known is the peer's name; authentication details     such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is     set to the default, or auto_force_rport. (CVE-2019-18790)

  - An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through     13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a     NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. (CVE-2019-18976)

  - An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before     17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an     outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a     loop. This causes Asterisk to consume more and more memory since the transaction will never terminate     (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound     authentication must be configured on the endpoint for this to occur. (CVE-2020-28242)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2968 advisory.

  - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many     distant matches. (CVE-2018-25032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5111 advisory.

  - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many     distant matches. (CVE-2018-25032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2967 advisory.

  - Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution     via via packet injection or crafted capture file. (CVE-2021-22191)

  - Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via     packet injection or crafted capture file (CVE-2021-4181)

  - Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of     service via packet injection or crafted capture file (CVE-2021-4184)

  - Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via     packet injection or crafted capture file (CVE-2021-4185)

  - Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of     service via packet injection or crafted capture file (CVE-2022-0581)

  - Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows     denial of service via packet injection or crafted capture file (CVE-2022-0582)

  - Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of     service via packet injection or crafted capture file (CVE-2022-0583)

  - Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial     of service via packet injection or crafted capture file (CVE-2022-0585)

  - Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of     service via packet injection or crafted capture file (CVE-2022-0586)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2962 advisory.

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there     are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due     to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed     during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They     cause a crash, resulting in a denial of service. These are fixed in version 2.11.1. (CVE-2021-32686)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a     subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all     users that use STUN. A malicious actor located within the victim's network may forge and send a specially     crafted UDP (STUN) message that could remotely execute arbitrary code on the victim's machine. Users are     advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-37706)

  - PJSIP is a free and open source multimedia communication library written in the C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when     error/failure occurs, it is found that the function returns without releasing the currently held locks.
    This could result in a system deadlock, which cause a denial of service for the users. No release has yet     been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users     may need to manually apply the patch. (CVE-2021-41141)

  - Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43299)

  - Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument     may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
    (CVE-2021-43300)

  - Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names'     argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size     validation. (CVE-2021-43301)

  - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename'     argument may cause an out-of-bounds read when the filename is shorter than 4 characters. (CVE-2021-43302)

  - Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may     cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the     output buffer, regardless of the 'maxlen' argument supplied (CVE-2021-43303)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming     RTCP BYE message contains a reason's length, this declared length is not checked against the actual     received packet size, potentially resulting in an out-of-bound read access. This issue affects all users     that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length.
    Users are advised to upgrade as soon as possible. There are no known workarounds. (CVE-2021-43804)

  - PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming     RTCP XR message contain block, the data field is not checked against the received packet size, potentially     resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious     actor can send a RTCP XR message with an invalid packet size. (CVE-2021-43845)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there     are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-     of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch     is available as a commit in the `master` branch. There are no known workarounds. (CVE-2022-21722)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing     an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read     access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in     the `master` branch. There are no known workarounds. (CVE-2022-21723)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including     2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can     potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set     to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior     such as dialog list collision which eventually leading to endless loop. A patch is available in commit     db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known     workarounds for this issue. (CVE-2022-23608)

  - PJSIP is a free and open source multimedia communication library written in C language. In versions prior     to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users     who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has     been patched in the master branch of the PJSIP repository and will be included with the next release.
    Users unable to upgrade need to check that the hashed digest data length must be equal to     `PJSIP_MD5STRLEN` before passing to PJSIP. (CVE-2022-24754)

  - PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior     contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API     `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly     call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on     the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
    (CVE-2022-24764)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2965 advisory.

  - Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of     the sanitize_uri function in lib/functions.php. (CVE-2018-10060)

  - Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag     (these calls occur when the html_escape function in lib/html.php is not used). (CVE-2018-10061)

  - In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value     of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. (CVE-2019-11025)

  - In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted     to that account (e.g., permission to view logs). (CVE-2020-13230)

  - Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2)     data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and     (7) data_input.php. (CVE-2020-23226)

  - Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php,     lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description     parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the     XSS). (CVE-2020-7106)

  - Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or     HTML in the new_username field during creation of a new user via Copy method at user_admin.php.
    (CVE-2021-23225)

  - Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
    (CVE-2022-0730)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2963 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2964 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5110 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5108 advisory.

  - Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in     tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF     file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
    (CVE-2022-0561)

  - Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c     in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users     that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)

  - Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
    (CVE-2022-0865)

  - A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0     allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could     result into application crash, potential information disclosure or any other context-dependent impact     (CVE-2022-0891)

  - Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit f2b656e2. (CVE-2022-0907)

  - Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in     tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
    (CVE-2022-0908)

  - Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
    (CVE-2022-0909)

  - Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
    (CVE-2022-0924)

  - LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a     custom tag and 0x0200 as the second word of the DE field. (CVE-2022-22844)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
160629	Debian DSA-5130-1 : dpdk - security update	critical
160628	Debian DSA-5131-1 : openjdk-11 - security update	high
160540	Debian DSA-5129-1 : firefox-esr - security update	high
160528	Debian DLA-2993-1 : libz-mingw-w64 - LTS security update	high
160525	Debian DSA-5128-1 : openjdk-17 - security update	high
160475	Debian DLA-2992-1 : openvpn - LTS security update	critical
160469	Debian DSA-5127-1 : linux - security update	high
160453	Debian DLA-2990-1 : jackson-databind - LTS security update	high
160409	Debian DLA-2988-1 : tinyxml - LTS security update	high
160408	Debian DLA-2987-1 : libarchive - LTS security update	medium
160402	Debian DSA-5126-1 : ffmpeg - security update	high
160398	Debian DLA-2989-1 : ghostscript - LTS security update	high
160304	Debian DLA-2985-1 : golang-1.7 - LTS security update	critical
160303	Debian DLA-2986-1 : golang-1.8 - LTS security update	critical
160294	Debian DSA-5125-1 : chromium - security update	critical
160199	Debian DSA-5124-1 : ffmpeg - security update	high
160000	Debian DSA-5109-1 : faad2 - security update	high
159906	Debian DSA-5122-1 : gzip - security update	high
159905	Debian DSA-5120-1 : chromium - security update	critical
159904	Debian DSA-5123-1 : xz-utils - security update	high
159898	Debian DSA-5121-1 : chromium - security update	high
159770	Debian DLA-2983-1 : abcm2ps - LTS security update	critical
159762	Debian DLA-2974-1 : fribidi - LTS security update	critical
159742	Debian DLA-2982-1 : python-django - LTS security update	critical
159716	Debian DLA-2981-1 : lrzip - LTS security update	medium
159709	Debian DSA-5119-1 : subversion - security update	medium
159663	Debian DLA-2980-1 : zabbix - LTS security update	medium
159662	Debian DLA-2979-1 : usbguard - LTS security update	high
159636	Debian DLA-2978-1 : thunderbird - LTS security update	high
159632	Debian DLA-2973-1 : minidlna - LTS security update	high
159626	Debian DLA-2976-1 : gzip - LTS security update	high
159625	Debian DLA-2975-1 : openjpeg2 - LTS security update	medium
159624	Debian DLA-2977-1 : xz-utils - LTS security update	high
159615	Debian DLA-2972-1 : libxml2 - LTS security update	high
159602	Debian DSA-5114-1 : chromium - security update	high
159586	Debian DLA-2971-1 : firefox-esr - LTS security update	high
159585	Debian DSA-5113-1 : firefox-esr - security update	high
159511	Debian DLA-2970-1 : qemu - LTS security update	high
159510	Debian DSA-5112-1 : chromium - security update	critical
159474	Debian DLA-2966-1 : libgc - LTS security update	critical
159473	Debian DLA-2969-1 : asterisk - LTS security update	high
159472	Debian DLA-2968-1 : zlib - LTS security update	high
159466	Debian DSA-5111-1 : zlib - security update	high
159397	Debian DLA-2967-1 : wireshark - LTS security update	critical
159329	Debian DLA-2962-1 : pjproject - LTS security update	critical
159321	Debian DLA-2965-1 : cacti - LTS security update	critical
159318	Debian DLA-2963-1 : tzdata - LTS security update	high
159317	Debian DLA-2964-1 : libdatetime-timezone-perl - LTS security update	high
159269	Debian DSA-5110-1 : chromium - security update	high
159229	Debian DSA-5108-1 : tiff - security update	high

Debian Local Security Checks Family for Nessus

critical

high

high

high

high

critical

high

high

high

medium

high

high

critical

critical

critical

high

high

high

critical

high

high

critical

critical

critical

medium

medium

medium

high

high

high

high

medium

high

high

high

high

high

high

critical

critical

high

high

high

critical

critical

critical

high

high

high

high