Debian Linux vulnerabilities
9,914 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,914
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4113, MEDIUM 4311, LOW 362
Vulnerabilities
Page 169 of 496
CVE-2021-21208 [MEDIUM] CVSS 6.5 | CWE-20 | v10.0 | 2021-04-26
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
nvd
CVE-2021-21219 [MEDIUM] CVSS 5.5 | CWE-252 | v10.0 | 2021-04-26
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-21218 [MEDIUM] CVSS 5.5 | CWE-908 | v10.0 | 2021-04-26
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-21215 [MEDIUM] CVSS 6.5 | CWE-290 | v10.0 | 2021-04-26
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2021-21216 [MEDIUM] CVSS 6.5 | CWE-290 | v10.0 | 2021-04-26
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2021-21222 [MEDIUM] CVSS 6.5 | CWE-787 | v10.0 | 2021-04-26
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2021-21209 [MEDIUM] CVSS 6.5 | CWE-346 | v10.0 | 2021-04-26
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21212 [MEDIUM] CVSS 6.5 | v10.0 | 2021-04-26
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
nvd
CVE-2021-21211 [MEDIUM] CVSS 6.5 | CWE-346 | v10.0 | 2021-04-26
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21217 [MEDIUM] CVSS 5.5 | CWE-252 | v10.0 | 2021-04-26
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-29473 [LOW] CVSS 2.5 | CWE-125 | v9.0, v10.0 | 2021-04-26
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered w
nvd
CVE-2021-31598 [HIGH] CVSS 7.5 | CWE-787 | v9.0 | 2021-04-24
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
nvd
CVE-2021-22204 [HIGH] CVSS 7.8 | KEV | PoC | CWE-94 | v9.0, v10.0 | 2021-04-23
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
nvd
CVE-2021-22207 [MEDIUM] CVSS 6.5 | CWE-770 | v9.0, v10.0, +1 more | 2021-04-23
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-23133 [HIGH] CVSS 7.0 | CWE-362 | v9.0 | 2021-04-22
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This c
nvd
CVE-2021-2163 [MEDIUM] CVSS 5.3 | v9.0, v10.0 | 2021-04-22
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta
nvd
CVE-2021-2161 [MEDIUM] CVSS 5.9 | v9.0, v10.0 | 2021-04-22
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta
nvd
CVE-2021-1076 [HIGH] CVSS 7.8 | v9.0 | 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
nvd
CVE-2021-29155 [MEDIUM] CVSS 5.5 | CWE-125 | v9.0 | 2021-04-20
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modifica
nvd
CVE-2021-3506 [HIGH] CVSS 7.1 | CWE-125 | v9.0 | 2021-04-19
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system avail
nvd