Debian Linux vulnerabilities
9,914 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,914
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown
CRITICAL: 1128, HIGH: 4113, MEDIUM: 4311, LOW: 362
Vulnerabilities
Page 168 of 496
CVE-2019-25041 | HIGH | CVSS 7.5 | CWE-617 | v9.0 | 2021-04-27
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvd
CVE-2019-25040 | HIGH | CVSS 7.5 | CWE-835 | v9.0 | 2021-04-27
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvd
CVE-2019-25036 | HIGH | CVSS 7.5 | CWE-617 | v9.0 | 2021-04-27
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvd
CVE-2019-25031 | MEDIUM | CVSS 5.9 | CWE-74 | v9.0 | 2021-04-27
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configurati
nvd
CVE-2021-21226 | CRITICAL | CVSS 9.6 | CWE-416 | v10.0 | 2021-04-26
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21223 | CRITICAL | CVSS 9.6 | CWE-190 | v10.0 | 2021-04-26
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21201 | CRITICAL | CVSS 9.6 | CWE-416 | v10.0 | 2021-04-26
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21214 | HIGH | CVSS 8.8 | CWE-416 | v10.0 | 2021-04-26
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2021-21202 | HIGH | CVSS 8.6 | CWE-416 | v10.0 | 2021-04-26
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21207 | HIGH | CVSS 8.6 | CWE-416 | v10.0 | 2021-04-26
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21205 | HIGH | CVSS 8.1 | v10.0 | 2021-04-26
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21224 | HIGH | CVSS 8.8 | KEV | CWE-843 | v10.0 | 2021-04-26
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-3472 | HIGH | CVSS 7.8 | CWE-191 | v9.0, v10.0 | 2021-04-26
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd
CVE-2020-15078 | HIGH | CVSS 7.5 | CWE-305 | v9.0 | 2021-04-26
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
nvd
CVE-2021-21204 | HIGH | CVSS 8.8 | CWE-416 | v10.0 | 2021-04-26
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21213 | HIGH | CVSS 8.8 | CWE-416 | v10.0 | 2021-04-26
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21225 | HIGH | CVSS 8.8 | CWE-787 | v10.0 | 2021-04-26
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21203 | HIGH | CVSS 8.8 | CWE-416 | v10.0 | 2021-04-26
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21210 | MEDIUM | CVSS 6.5 | v10.0 | 2021-04-26
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
nvd
CVE-2021-21221 | MEDIUM | CVSS 6.5 | CWE-20 | v10.0 | 2021-04-26
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
nvd