Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 148 of 496
CVE-2021-39261 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-787: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
nvd
CVE-2021-33287 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
nvd
CVE-2021-39263 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-787: A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
nvd
CVE-2021-35268 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-787: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.
nvd
CVE-2021-39260 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-787: A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
nvd
CVE-2021-39253 | HIGH | CVSS 7.8 | v9.0, v10.0, +1 more | 2021-09-07
CWE-125: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
nvd
CVE-2021-39257 | MEDIUM | CVSS 5.5 | v9.0, v10.0, +1 more | 2021-09-07
CWE-674: A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
nvd
CVE-2021-40516 | HIGH | CVSS 7.5 | v10.0 | 2021-09-05
CWE-125: WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin.
nvd
CVE-2021-40490 | HIGH | CVSS 7.0 | v9.0, v11.0 | 2021-09-03
CWE-362: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
nvd
CVE-2021-39191 | MEDIUM | CVSS 6.1 | v10.0 | 2021-09-03
CWE-601: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supply
nvd
CVE-2021-40491 | MEDIUM | CVSS 6.5 | v10.0 | 2021-09-03
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
nvd
CVE-2021-36052 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-788: XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
nvd
CVE-2021-33582 | HIGH | CVSS 7.5 | v9.0 | 2021-09-01
CWE-407: Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
nvd
CVE-2021-36055 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-416: XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd
CVE-2021-36064 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-124: XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd
CVE-2021-36046 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-788: XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
nvd
CVE-2021-36056 | HIGH | CVSS 7.3 | v10.0 | 2021-09-01
CWE-122: XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
nvd
CVE-2021-39847 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-121: XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
nvd
CVE-2021-36048 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-20: XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
nvd
CVE-2021-36050 | HIGH | CVSS 7.8 | v10.0 | 2021-09-01
CWE-122: XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
nvd