Debian Linux vulnerabilities

CVE-2020-35636 [CRITICAL] CWE-129 CVE-2020-35636: A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL- A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input

CVE-2020-35628 [CRITICAL] CWE-129 CVE-2020-35628: A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL- A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-28601 [CRITICAL] CWE-129 CVE-2020-28601: A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL- A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-28636 [CRITICAL] CWE-129 CVE-2020-28636: A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL- A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.

CVE-2021-25329 [HIGH] CVE-2021-25329: The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously

CVE-2021-25122 [HIGH] CWE-200 CVE-2021-25122: When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

CVE-2021-25281 [CRITICAL] CWE-287 CVE-2021-25281: An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth crede An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

CVE-2021-3197 [CRITICAL] CWE-74 CVE-2021-3197: An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

CVE-2021-3144 [CRITICAL] CWE-613 CVE-2021-3144: In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

CVE-2021-3148 [CRITICAL] CWE-77 CVE-2021-3148: An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt AP An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

CVE-2021-25283 [CRITICAL] CWE-94 CVE-2021-25283: An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

CVE-2021-25282 [CRITICAL] CWE-22 CVE-2021-25282: An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write m An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

CVE-2020-28243 [HIGH] CWE-77 CVE-2020-28243: An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

CVE-2020-35662 [HIGH] CWE-295 CVE-2020-35662: In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL cert In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

CVE-2021-25284 [MEDIUM] CWE-522 CVE-2021-25284: An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credent An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

CVE-2020-28972 [MEDIUM] CWE-295 CVE-2020-28972: In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

CVE-2021-23961 [HIGH] CVE-2021-23961: Further techniques that built on the slipstream research combined with a malicious webpage could hav Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

CVE-2021-23978 [HIGH] CWE-787 CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of t Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CVE-2021-27803 [HIGH] CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-F A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

CVE-2021-21330 [MEDIUM] CWE-601 CVE-2021-21330: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before ve aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middlewa