Find the information you need for your favorite open source distribution .
Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.
XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for
It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands. For the stable distribution (bullseye), this problem has been fixed in
It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The
Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or denial of service.
It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42852
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852
