Debian Linux vulnerabilities

CVE-2020-36310 [MEDIUM] CWE-835 CVE-2020-36310: An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_r An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.

CVE-2020-36311 [MEDIUM] CVE-2020-36311: An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to c An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.

CVE-2021-30164 [CRITICAL] CVE-2021-30164: Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permissio Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.

CVE-2021-30163 [HIGH] CVE-2021-30163: Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projec Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

CVE-2021-30130 [HIGH] CWE-347 CVE-2021-30130: phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

CVE-2019-25026 [MEDIUM] CVE-2019-25026: Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.

CVE-2021-30158 [MEDIUM] CWE-287 CVE-2021-30158: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the toke

CVE-2020-36308 [MEDIUM] CWE-74 CVE-2020-36308: Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visibl Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.

CVE-2020-36307 [MEDIUM] CWE-79 CVE-2020-36307: Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

CVE-2021-30154 [MEDIUM] CWE-79 CVE-2021-30154: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Spec An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.

CVE-2021-30151 [MEDIUM] CWE-79 CVE-2021-30151: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature w Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

CVE-2021-30157 [MEDIUM] CWE-79 CVE-2021-30157: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Chan An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

CVE-2020-36306 [MEDIUM] CWE-79 CVE-2020-36306: Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

CVE-2021-28688 [MEDIUM] CWE-665 CVE-2021-28688: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't u The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent

CVE-2021-28658 [MEDIUM] CWE-22 CVE-2021-28658: In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed direct In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

CVE-2021-20307 [CRITICAL] CWE-134 CVE-2021-20307: Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlie Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.

CVE-2021-20308 [CRITICAL] CVE-2021-20308: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.

CVE-2021-20305 [HIGH] CWE-327 CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification fun A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing

CVE-2021-1871 [CRITICAL] CVE-2021-1871: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, S A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-1788 [HIGH] CWE-416 CVE-2021-1788: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.