Debian Linux vulnerabilities

CVE-2021-3498 [HIGH] CWE-119 CVE-2021-3498: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

CVE-2021-3497 [HIGH] CWE-416 CVE-2021-3497: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

CVE-2021-29457 [HIGH] CWE-122 CVE-2021-29457: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain

CVE-2021-29458 [MEDIUM] CWE-125 CVE-2021-29458: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability t

CVE-2021-31347 [MEDIUM] CWE-91 CVE-2021-31347: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorr An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).

CVE-2021-31348 [MEDIUM] CWE-125 CVE-2021-31348: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorr An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

CVE-2021-20288 [HIGH] CWE-287 CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_ An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reu

CVE-2021-29447 [MEDIUM] CWE-611 CVE-2021-29447: Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploi Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with t

CVE-2021-29450 [MEDIUM] CWE-200 CVE-2021-29450: Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates

CVE-2021-31229 [MEDIUM] CWE-787 CVE-2021-31229: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs inc An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.

CVE-2020-36322 [MEDIUM] CWE-459 CVE-2020-36322: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

CVE-2021-29338 [MEDIUM] CWE-190 CVE-2021-29338: Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Deni Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

CVE-2021-29425 [MEDIUM] CWE-20 CVE-2021-29425: In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper i In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to constru

CVE-2021-30485 [MEDIUM] CWE-476 CVE-2021-30485: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsi An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.

CVE-2021-30152 [MEDIUM] CWE-269 CVE-2021-30152: An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When us An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.

CVE-2021-30155 [MEDIUM] CWE-862 CVE-2021-30155: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Content An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

CVE-2021-30159 [MEDIUM] CVE-2021-30159: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users c An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() w

CVE-2021-1405 [HIGH] CWE-120 CVE-2021-1405: A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit

CVE-2021-29154 [HIGH] CWE-77 CVE-2021-29154: BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacem BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

CVE-2021-3482 [MEDIUM] CWE-20 CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.