Debian Linux vulnerabilities

CVE-2020-27844 [HIGH] CWE-20 CVE-2020-27844: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-27842 [MEDIUM] CWE-125 CVE-2020-27842: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provi There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.

CVE-2020-27841 [MEDIUM] CWE-122 CVE-2020-27841: There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is a There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.

CVE-2020-27843 [MEDIUM] CWE-125 CVE-2020-27843: A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide spe A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.

CVE-2020-27845 [MEDIUM] CWE-125 CVE-2020-27845: There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is abl There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.

CVE-2020-36158 [MEDIUM] CWE-120 CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel t mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

CVE-2020-25275 [HIGH] CWE-20 CVE-2020-25275: Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an applicatio Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

CVE-2020-35965 [HIGH] CWE-787 CVE-2020-35965: decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in cal decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

CVE-2019-25013 [MEDIUM] CWE-125 CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVE-2020-24386 [MEDIUM] CVE-2020-24386: An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

CVE-2020-12658 [CRITICAL] CWE-667 CVE-2020-12658: gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_ma gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate wh

CVE-2020-26247 [MEDIUM] CWE-611 CVE-2020-26247: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector suppo Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This be

CVE-2019-15523 [MEDIUM] CWE-252 CVE-2019-15523: An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return val An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

CVE-2020-35730 [MEDIUM] CWE-79 CVE-2020-35730: An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x befor An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

CVE-2020-35738 [MEDIUM] CWE-190 CVE-2020-35738: WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

CVE-2020-35728 [HIGH] CWE-502 CVE-2020-35728: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

CVE-2020-28169 [HIGH] CWE-732 CVE-2020-28169: The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges becaus The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.

CVE-2020-35605 [CRITICAL] CVE-2020-35605: The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execut The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

CVE-2020-35573 [HIGH] CWE-834 CVE-2020-35573: srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.

CVE-2020-35475 [HIGH] CWE-79 CVE-2020-35475: In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can co In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is esca