Debian Linux vulnerabilities

CVE-2020-35480 [MEDIUM] CWE-203 CVE-2020-35480: An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hi An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code pat

CVE-2020-35477 [MEDIUM] CWE-670 CVE-2020-35477: MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one se MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysub

CVE-2020-35479 [MEDIUM] CWE-79 CVE-2020-35479: MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

CVE-2020-35491 [HIGH] CWE-502 CVE-2020-35491: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

CVE-2020-35490 [HIGH] CWE-502 CVE-2020-35490: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

CVE-2020-26258 [HIGH] CWE-918 CVE-2020-26258: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. I

CVE-2020-29363 [HIGH] CWE-787 CVE-2020-29363: An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been dis An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the des

CVE-2020-29361 [HIGH] CWE-190 CVE-2020-29361: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been disc An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

CVE-2020-26259 [MEDIUM] CWE-78 CVE-2020-26259: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating th

CVE-2020-29479 [HIGH] CWE-862 CVE-2020-29479: An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal r An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the

CVE-2020-29569 [HIGH] CWE-416 CVE-2020-29569: An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Lin An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the bloc

CVE-2020-29481 [HIGH] CWE-269 CVE-2020-29481: An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfort An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because

CVE-2020-29568 [MEDIUM] CWE-770 CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are pr An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux,

CVE-2020-29484 [MEDIUM] CWE-476 CVE-2020-29484: An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore message

CVE-2020-29485 [MEDIUM] CWE-401 CVE-2020-29485: An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are

CVE-2020-29566 [MEDIUM] CWE-674 CVE-2020-29566: An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually comple

CVE-2020-29571 [MEDIUM] CWE-476 CVE-2020-29571: An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time function An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer.

CVE-2020-0499 [MEDIUM] CWE-125 CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070

CVE-2020-29482 [MEDIUM] CWE-426 CVE-2020-29482: An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit

CVE-2020-29483 [MEDIUM] CWE-416 CVE-2020-29483: An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the