Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown
CRITICAL 1128 | HIGH 4110 | MEDIUM 4311 | LOW 362
Vulnerabilities
Page 138 of 496
CVE-2021-3935 | HIGH | CVSS 8.1 | CWE-89 | v9.0 | 2021-11-22
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
nvd
CVE-2021-40391 | CRITICAL | CVSS 9.8 | CWE-390 | v9.0 | 2021-11-19
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-44026 | CRITICAL | CVSS 9.8 | KEV | CWE-89 | v9.0, v10.0 +1 more | 2021-11-19
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
nvd
CVE-2021-39922 | HIGH | CVSS 7.5 | CWE-120 | v9.0, v10.0 +1 more | 2021-11-19
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-21899 | HIGH | CVSS 8.8 | CWE-119 | v9.0, v10.0 +1 more | 2021-11-19
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-39929 | HIGH | CVSS 7.5 | CWE-674 | v9.0, v10.0 +1 more | 2021-11-19
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-21898 | HIGH | CVSS 8.8 | CWE-119 | v9.0, v10.0 +1 more | 2021-11-19
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-21900 | HIGH | CVSS 8.8 | CWE-416 | v9.0, v10.0 +1 more | 2021-11-19
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-39923 | HIGH | CVSS 7.5 | CWE-834 | v10.0, v11.0 +1 more | 2021-11-19
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-39925 | HIGH | CVSS 7.5 | CWE-120 | v9.0 | 2021-11-19
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-39921 | HIGH | CVSS 7.5 | CWE-476 | v9.0 | 2021-11-19
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-39924 | HIGH | CVSS 7.5 | CWE-834 | v9.0 | 2021-11-19
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-39926 | HIGH | CVSS 7.5 | CWE-120 | v10.0, v11.0 | 2021-11-19
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-44025 | MEDIUM | CVSS 6.1 | CWE-79 | v9.0, v10.0 +1 more | 2021-11-19
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
nvd
CVE-2021-39928 | HIGH | CVSS 7.5 | CWE-476 | v9.0 | 2021-11-18
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-43975 | MEDIUM | CVSS 6.7 | CWE-787 | v9.0, v10.0 | 2021-11-17
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
nvd
CVE-2021-43976 | MEDIUM | CVSS 4.6 | v9.0, v10.0 +1 more | 2021-11-17
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
nvd
CVE-2021-43618 | HIGH | CVSS 7.5 | CWE-190 | v9.0 | 2021-11-15
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
nvd
CVE-2021-22959 | MEDIUM | CVSS 6.5 | CWE-444 | v11.0 | 2021-11-15
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
nvd
CVE-2021-3918 | CRITICAL | CVSS 9.8 | CWE-1321 | v10.0 | 2021-11-13
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
nvd