Debian Linux vulnerabilities

CVE-2020-27170 [MEDIUM] CWE-203 CVE-2020-27170: An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirabl An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

CVE-2020-27171 [MEDIUM] CWE-193 CVE-2020-27171: An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one e An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.

CVE-2021-28950 [MEDIUM] CWE-834 CVE-2021-28950: An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

CVE-2021-28834 [CRITICAL] CVE-2021-28834: Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thu Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

CVE-2021-25290 [HIGH] CWE-787 CVE-2021-25290: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy w An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

CVE-2021-27928 [HIGH] CWE-94 CVE-2021-27928: A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10 A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep

CVE-2021-28831 [HIGH] CWE-755 CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result poin decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

CVE-2020-25097 [HIGH] CWE-20 CVE-2020-25097: An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validatio An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

CVE-2021-3416 [MEDIUM] CWE-835 CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in ver A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

CVE-2021-27291 [HIGH] CWE-1333 CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on reg In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

CVE-2017-20002 [HIGH] CWE-269 CVE-2017-20002: The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical te The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machin

CVE-2020-17525 [HIGH] CWE-476 CVE-2020-17525: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with t Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_sv

CVE-2021-28660 [HIGH] CWE-787 CVE-2021-28660: rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging is

CVE-2021-21192 [HIGH] CWE-787 CVE-2021-21192: Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21193 [HIGH] CWE-416 CVE-2021-21193: Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentia Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21191 [HIGH] CWE-416 CVE-2021-21191: Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potenti Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-22191 [HIGH] CWE-74 CVE-2021-22191: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execut Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.

CVE-2021-28374 [HIGH] CWE-732 CVE-2021-28374: The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory,

CVE-2020-36279 [HIGH] CWE-125 CVE-2020-36279: Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adapt Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

CVE-2020-36278 [HIGH] CWE-125 CVE-2020-36278: Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.