Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 156 of 496
CVE-2021-1095 MEDIUM CVSS 5.5 v9.0 2021-07-22
CVE-2021-1095 [MEDIUM] CWE-476: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
nvd
CVE-2021-2388 HIGH CVSS 7.5 v9.0 v10.0 2021-07-21
CVE-2021-2388 [HIGH]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
nvd
CVE-2021-32761 HIGH CVSS 7.5 v9.0 v10.0 +1 more 2021-07-21
CVE-2021-32761 [HIGH] CWE-125: Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, l
nvd
CVE-2020-19609 MEDIUM CVSS 5.5 v9.0 2021-07-21
CVE-2020-19609 [MEDIUM] CWE-787: Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
nvd
CVE-2021-37159 MEDIUM CVSS 6.4 v9.0 2021-07-21
CVE-2021-37159 [MEDIUM] CWE-415: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
nvd
CVE-2021-2369 MEDIUM CVSS 4.3 v9.0 v10.0 2021-07-21
CVE-2021-2369 [MEDIUM]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to com
nvd
CVE-2021-2341 LOW CVSS 3.1 v9.0 v10.0 2021-07-21
CVE-2021-2341 [LOW]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to c
nvd
CVE-2021-22235 HIGH CVSS 7.5 v9.0 v10.0 +1 more 2021-07-20
CVE-2021-22235 [HIGH] CWE-835: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-3246 HIGH CVSS 8.8 v9.0 v10.0 2021-07-20
CVE-2021-3246 [HIGH] CWE-787: A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
nvd
CVE-2019-25051 HIGH CVSS 7.8 v9.0 v10.0 2021-07-20
CVE-2019-25051 [HIGH] CWE-787: objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
nvd
CVE-2021-33909 HIGH CVSS 7.8 v9.0 v10.0 2021-07-20
CVE-2021-33909 [HIGH] CWE-190: fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
nvd
CVE-2021-33910 MEDIUM CVSS 5.5 v10.0 2021-07-20
CVE-2021-33910 [MEDIUM] CWE-770: basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
nvd
CVE-2020-36426 HIGH CVSS 7.5 v10.0 2021-07-19
CVE-2020-36426 [HIGH] CWE-125: An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
nvd
CVE-2020-36423 HIGH CVSS 7.5 v10.0 2021-07-19
CVE-2020-36423 [HIGH] CWE-319: An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
nvd
CVE-2020-36422 MEDIUM CVSS 5.3 v10.0 2021-07-19
CVE-2020-36422 [MEDIUM] CWE-203: An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
nvd
CVE-2020-36425 MEDIUM CVSS 5.3 v10.0 2021-07-19
CVE-2020-36425 [MEDIUM] CWE-295: An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
nvd
CVE-2020-36424 MEDIUM CVSS 4.7 v10.0 2021-07-19
CVE-2020-36424 [MEDIUM] CWE-203: An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
nvd
CVE-2020-36421 MEDIUM CVSS 5.3 v10.0 2021-07-19
CVE-2020-36421 [MEDIUM] CWE-203: An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
nvd
CVE-2021-36773 HIGH CVSS 7.5 v9.0 2021-07-18
CVE-2021-36773 [HIGH] CWE-674: uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
nvd
CVE-2021-32743 HIGH CVSS 8.8 v9.0 2021-07-15
CVE-2021-32743 [HIGH] CWE-202: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to a
nvd