Debian Linux vulnerabilities

CVE-2021-21838 [HIGH] CWE-680 CVE-2021-21838: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user

CVE-2021-21846 [HIGH] CWE-680 CVE-2021-21846: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker ca

CVE-2021-21839 [HIGH] CWE-680 CVE-2021-21839: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user

CVE-2021-21857 [HIGH] CWE-680 CVE-2021-21857: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convinc

CVE-2021-21858 [HIGH] CWE-680 CVE-2021-21858: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convinc

CVE-2021-21854 [HIGH] CWE-680 CVE-2021-21854: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convinc

CVE-2021-21853 [HIGH] CWE-680 CVE-2021-21853: Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convinc

CVE-2021-32728 [MEDIUM] CWE-295 CVE-2021-32728: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. C The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certific

CVE-2021-39240 [HIGH] CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It do An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.

CVE-2021-39242 [HIGH] CWE-755 CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It ca An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

CVE-2021-39241 [MEDIUM] CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" exampl

CVE-2021-21861 [HIGH] CWE-680 CVE-2021-21861: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can

CVE-2021-21860 [HIGH] CWE-680 CVE-2021-21860: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function with

CVE-2021-21859 [HIGH] CWE-680 CVE-2021-21859: An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.

CVE-2021-33193 [HIGH] CVE-2021-33193: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

CVE-2021-22940 [HIGH] CWE-416 CVE-2021-22940: Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attack Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVE-2021-22939 [MEDIUM] CWE-295 CVE-2021-22939: If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthori If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

CVE-2021-37695 [MEDIUM] CWE-79 CVE-2021-37695: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEdi

CVE-2021-38291 [HIGH] CWE-617 CVE-2021-38291: FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion fai FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

CVE-2020-21688 [HIGH] CWE-416 CVE-2020-21688: A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.