Debian Linux vulnerabilities

CVE-2021-43784 [MEDIUM] CWE-190 CVE-2021-43784: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the enco

CVE-2021-44227 [HIGH] CWE-352 CVE-2021-44227: In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin req In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2019-8922 [HIGH] CWE-787 CVE-2019-8922: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any che A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple

CVE-2021-21707 [MEDIUM] CWE-159 CVE-2021-21707: In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing f In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently fro

CVE-2019-8921 [MEDIUM] CWE-345 CVE-2019-8921: An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the functio

CVE-2021-28704 [HIGH] CVE-2021-28704: PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text ex PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in

CVE-2021-28706 [HIGH] CWE-770 CVE-2021-28706: guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence sma

CVE-2021-28709 [HIGH] CVE-2021-28709: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain

CVE-2021-28708 [HIGH] CVE-2021-28708: PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text ex PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in

CVE-2021-28707 [HIGH] CVE-2021-28707: PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text ex PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in

CVE-2021-28705 [HIGH] CWE-755 CVE-2021-28705: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control

CVE-2021-38002 [CRITICAL] CWE-416 CVE-2021-38002: Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-38001 [HIGH] CWE-843 CVE-2021-38001: Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37997 [HIGH] CWE-416 CVE-2021-37997: Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convi Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-38003 [HIGH] CWE-755 CVE-2021-38003: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37998 [HIGH] CWE-416 CVE-2021-37998: Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacke Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-38000 [MEDIUM] CWE-601 CVE-2021-38000: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

CVE-2021-38004 [MEDIUM] CWE-668 CVE-2021-38004: Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-37999 [MEDIUM] CWE-79 CVE-2021-37999: Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

CVE-2021-44143 [CRITICAL] CWE-787 CVE-2021-44143: A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.