Debian Linux vulnerabilities
9,914 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,914
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4113, MEDIUM 4311, LOW 362
Vulnerabilities
Page 177 of 496
CVE-2021-21182 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-863
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21183 [MEDIUM] CVSS 4.3 | v10.0 | 2021-03-09 | CWE-346
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21178 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-20243 [MEDIUM] CVSS 5.5 | v9.0 | 2021-03-09 | CWE-369
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20245 [MEDIUM] CVSS 5.5 | v9.0 | 2021-03-09 | CWE-369
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-21164 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-346
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21189 [MEDIUM] CVSS 4.3 | v10.0 | 2021-03-09
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21186 [MEDIUM] CVSS 4.3 | v10.0 | 2021-03-09 | CWE-863
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
nvd
CVE-2021-21181 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-203
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-20255 [MEDIUM] CVSS 5.5 | v9.0 | 2021-03-09 | CWE-835
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threa
nvd
CVE-2021-21173 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-203
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-20244 [MEDIUM] CVSS 5.5 | v9.0 | 2021-03-09 | CWE-369
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-21177 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-732
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2021-21163 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09 | CWE-346
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
nvd
CVE-2021-21295 [MEDIUM] CVSS 5.9 | v10.0 | 2021-03-09 | CWE-444
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 req
nvd
CVE-2021-21170 [MEDIUM] CVSS 6.5 | v10.0 | 2021-03-09
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2021-27364 [HIGH] CVSS 7.1 | v9.0 | 2021-03-07 | CWE-125
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
nvd
CVE-2021-27365 [HIGH] CVSS 7.8 | v9.0 | 2021-03-07 | CWE-787
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
nvd
CVE-2021-27363 [MEDIUM] CVSS 4.4 | v9.0 | 2021-03-07
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. Whe
nvd
CVE-2021-28038 [MEDIUM] CVSS 6.5 | v9.0 | 2021-03-05
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issu
nvd