Debian: DSA-5243-1: lighttpd security update
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797
It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings without proper escaping, allowing shell injection attacks.
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-32886
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32886
A heap-based buffer overflow vulnerability was discovered in gdal, a Geospatial Data Abstraction Library, which could result in denial of service or potentially the execution of arbitrary code, if a specially crafted file is processed with the PCIDSK driver.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.
Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795