Debian Linux vulnerabilities

CVE-2020-36193 [HIGH] CWE-22 CVE-2020-36193: Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadeq Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE-2020-28473 [MEDIUM] CWE-444 CVE-2020-28473: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result

CVE-2021-23926 [CRITICAL] CWE-776 CVE-2021-23926: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect th The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

CVE-2021-21261 [HIGH] CWE-74 CVE-2021-21261: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.

CVE-2020-16119 [HIGH] CWE-416 CVE-2020-16119: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a D Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.

CVE-2021-24122 [MEDIUM] CWE-200 CVE-2021-24122: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10 When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was

CVE-2020-28374 [HIGH] CWE-22 CVE-2020-28374: In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier che In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The a

CVE-2020-35653 [HIGH] CWE-125 CVE-2020-35653: In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because th In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

CVE-2020-35459 [HIGH] CWE-78 CVE-2020-35459: An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm histor An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

CVE-2021-23239 [LOW] CWE-59 CVE-2021-23239: The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitra The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

CVE-2021-0308 [MEDIUM] CWE-787 CVE-2021-0308: In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID:

CVE-2020-26298 [MEDIUM] CWE-74 CVE-2020-26298: Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by

CVE-2021-21110 [CRITICAL] CWE-416 CVE-2021-21110: Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21111 [CRITICAL] CWE-1021 CVE-2021-21111: Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

CVE-2021-21107 [CRITICAL] CWE-416 CVE-2021-21107: Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote at Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21109 [CRITICAL] CWE-416 CVE-2021-21109: Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21106 [CRITICAL] CWE-416 CVE-2021-21106: Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21108 [CRITICAL] CWE-416 CVE-2021-21108: Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had co Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21115 [CRITICAL] CWE-416 CVE-2021-21115: User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker w User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-16043 [HIGH] CVE-2020-16043: Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.