Debian Linux vulnerabilities

CVE-2021-3653 [HIGH] CWE-862 CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs whe A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt

CVE-2021-40716 [MEDIUM] CWE-125 CVE-2021-40716: XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability t XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-22947 [MEDIUM] CWE-310 CVE-2021-22947: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *b

CVE-2021-20317 [MEDIUM] CWE-665 CVE-2021-20317: A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.

CVE-2021-22945 [CRITICAL] CWE-415 CVE-2021-22945: When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances errone When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

CVE-2021-32277 [HIGH] CWE-787 CVE-2021-32277: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_q An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

CVE-2021-32273 [HIGH] CWE-787 CVE-2021-32273: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftyp An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.

CVE-2021-38300 [HIGH] CVE-2021-38300: arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.

CVE-2021-32272 [HIGH] CWE-787 CVE-2021-32272: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

CVE-2021-32278 [HIGH] CWE-787 CVE-2021-32278: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_pr An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.

CVE-2021-32274 [HIGH] CWE-787 CVE-2021-32274: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_q An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.

CVE-2021-32280 [MEDIUM] CWE-476 CVE-2021-32280: An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8.

CVE-2020-21913 [MEDIUM] CWE-416 CVE-2020-21913: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bu International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.

CVE-2021-32276 [MEDIUM] CWE-476 CVE-2021-32276: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function g An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.

CVE-2021-40690 [HIGH] CWE-200 CVE-2021-40690: All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

CVE-2021-41073 [HIGH] CWE-763 CVE-2021-41073: loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain pri loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation.

CVE-2021-3805 [HIGH] CWE-1321 CVE-2021-3805: object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Pro object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3803 [HIGH] CWE-1333 CVE-2021-3803: nth-check is vulnerable to Inefficient Regular Expression Complexity nth-check is vulnerable to Inefficient Regular Expression Complexity

CVE-2021-40438 [CRITICAL] CWE-918 CVE-2021-40438: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-39275 [CRITICAL] CWE-787 CVE-2021-39275: ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modu ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.