Debian Linux vulnerabilities

9,913 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,913
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4112, MEDIUM 4311, LOW 362

Vulnerabilities

Page 165 of 496
CVE-2021-20181 HIGH CVSS 7.5 v9.0 v10.0 2021-05-13
CVE-2021-20181 [HIGH] CWE-367: A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
nvd
CVE-2021-31215 HIGH CVSS 8.8 v9.0 2021-05-13
CVE-2021-31215 [HIGH]: SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
nvd
CVE-2020-27823 HIGH CVSS 7.8 v9.0 v10.0 2021-05-13
CVE-2020-27823 [HIGH] CWE-20: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
nvd
CVE-2020-27830 MEDIUM CVSS 5.5 v9.0 v10.0 2021-05-13
CVE-2020-27830 [MEDIUM] CWE-476: A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.
nvd
CVE-2021-20221 MEDIUM CVSS 6.0 v9.0 v10.0 2021-05-13
CVE-2021-20221 [MEDIUM] CWE-125: An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields
nvd
CVE-2020-27824 MEDIUM CVSS 5.5 v9.0 v10.0 2021-05-13
CVE-2020-27824 [MEDIUM] CWE-20: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-32921 MEDIUM CVSS 5.9 v9.0 2021-05-13
CVE-2021-32921 [MEDIUM] CWE-362: An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
nvd
CVE-2020-25713 MEDIUM CVSS 6.5 v9.0 2021-05-13
CVE-2020-25713 [MEDIUM] CWE-20: A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
nvd
CVE-2021-32917 MEDIUM CVSS 5.3 v9.0 v10.0 2021-05-13
CVE-2021-32917 [MEDIUM] CWE-862: An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
nvd
CVE-2020-27840 HIGH CVSS 7.5 v9.0 v10.0 2021-05-12
CVE-2020-27840 [HIGH] CWE-125: A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-23134 HIGH CVSS 7.8 v9.0 2021-05-12
CVE-2021-23134 [HIGH] CWE-416: Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
nvd
CVE-2021-20277 HIGH CVSS 7.5 v9.0 v10.0 2021-05-12
CVE-2021-20277 [HIGH] CWE-125: A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-29509 HIGH CVSS 7.5 v10.0 2021-05-11
CVE-2021-29509 [HIGH]: Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy p
nvd
CVE-2021-20312 HIGH CVSS 7.5 v9.0 2021-05-11
CVE-2021-20312 [HIGH] CWE-190: A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20313 HIGH CVSS 7.5 v9.0 2021-05-11
CVE-2021-20313 [HIGH] CWE-200: A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
nvd
CVE-2021-20309 HIGH CVSS 7.5 v9.0 2021-05-11
CVE-2021-20309 [HIGH] CWE-369: A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-3504 MEDIUM CVSS 5.4 v9.0 2021-05-11
CVE-2021-3504 [MEDIUM] CWE-125: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is
nvd
CVE-2020-26139 MEDIUM CVSS 5.3 v9.0 2021-05-11
CVE-2020-26139 [MEDIUM] CWE-287: An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities i
nvd
CVE-2020-26147 MEDIUM CVSS 5.4 v9.0 2021-05-11
CVE-2020-26147 [MEDIUM]: An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is u
nvd
CVE-2020-24587 LOW CVSS 2.6 v9.0 2021-05-11
CVE-2020-24587 [LOW] CWE-327: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically
nvd