Debian Linux vulnerabilities

CVE-2021-42260 [HIGH] CWE-835 CVE-2021-42260: TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the T TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

CVE-2021-25633 [HIGH] CWE-295 CVE-2021-25633: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting vis LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating t

CVE-2021-37973 [CRITICAL] CWE-416 CVE-2021-37973: Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had c Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-37959 [HIGH] CWE-416 CVE-2021-37959: Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convin Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37975 [HIGH] CWE-416 CVE-2021-37975: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37974 [HIGH] CWE-416 CVE-2021-37974: Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37956 [HIGH] CWE-416 CVE-2021-37956: Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote att Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37969 [HIGH] CWE-59 CVE-2021-37969: Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 all Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

CVE-2021-37962 [HIGH] CWE-416 CVE-2021-37962: Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attack Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-41133 [HIGH] CWE-20 CVE-2021-41133: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary,

CVE-2021-37972 [HIGH] CWE-125 CVE-2021-37972: Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37970 [HIGH] CWE-416 CVE-2021-37970: Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker t Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37961 [HIGH] CWE-416 CVE-2021-37961: Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to pote Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37957 [HIGH] CWE-416 CVE-2021-37957: Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potenti Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37965 [MEDIUM] CVE-2021-37965: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-37971 [MEDIUM] CWE-1021 CVE-2021-37971: Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote atta Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2021-37976 [MEDIUM] CWE-862 CVE-2021-37976: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attac Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2021-37966 [MEDIUM] CWE-346 CVE-2021-37966: Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowe Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2021-37968 [MEDIUM] CWE-203 CVE-2021-37968: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-37967 [MEDIUM] CWE-346 CVE-2021-37967: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.