Debian Linux vulnerabilities

CVE-2020-21675 [MEDIUM] CWE-787 CVE-2020-21675: A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows atta A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

CVE-2020-21676 [MEDIUM] CWE-787 CVE-2020-21676: A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b al A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

CVE-2020-21697 [MEDIUM] CWE-416 CVE-2020-21697: A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 a A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.

CVE-2021-37620 [MEDIUM] CWE-125 CVE-2021-37620: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability

CVE-2021-32815 [MEDIUM] CWE-617 CVE-2021-32815: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into runnin

CVE-2021-37622 [MEDIUM] CWE-835 CVE-2021-37622: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause

CVE-2021-37621 [MEDIUM] CWE-835 CVE-2021-37621: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause

CVE-2021-34334 [MEDIUM] CWE-835 CVE-2021-34334: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2

CVE-2021-38199 [MEDIUM] CVE-2021-38199: fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.

CVE-2021-38204 [MEDIUM] CWE-416 CVE-2021-38204: drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attacke drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

CVE-2021-36221 [MEDIUM] CWE-362 CVE-2021-36221: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-38198 [MEDIUM] CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access pe arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.

CVE-2021-38205 [LOW] CWE-824 CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).

CVE-2021-38173 [CRITICAL] CWE-77 CVE-2021-38173: Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SS Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

CVE-2021-38160 [HIGH] CWE-120 CVE-2021-38160: In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be t In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in

CVE-2021-38166 [HIGH] CWE-190 CVE-2021-38166: In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of- In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.

CVE-2021-38165 [MEDIUM] CWE-522 CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to d Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

CVE-2021-3580 [HIGH] CWE-20 CVE-2021-3580: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

CVE-2021-3682 [HIGH] CWE-763 CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It o A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code

CVE-2021-3566 [MEDIUM] CWE-200 CVE-2021-3566: Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).