Debian Linux vulnerabilities

CVE-2020-29570 [MEDIUM] CWE-770 CVE-2020-29570: An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maint An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting th

CVE-2020-29486 [MEDIUM] CWE-770 CVE-2020-29486: An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can

CVE-2020-29480 [LOW] CWE-862 CVE-2020-29480: An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission c An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a

CVE-2020-8231 [HIGH] CWE-416 CVE-2020-8231: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when se Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

CVE-2020-8177 [HIGH] CWE-99 CVE-2020-8177: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resour curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

CVE-2020-8286 [HIGH] CWE-295 CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insu curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

CVE-2020-8285 [HIGH] CWE-674 CVE-2020-8285: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CVE-2020-8169 [HIGH] CWE-200 CVE-2020-8169: curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CVE-2020-8284 [LOW] CWE-200 CVE-2020-8284: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting ba A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

CVE-2020-35176 [MEDIUM] CVE-2020-35176: In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

CVE-2020-7788 [CRITICAL] CWE-1321 CVE-2020-7788: This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an applica This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

CVE-2020-26421 [MEDIUM] CWE-125 CVE-2020-26421: Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3. Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVE-2020-27825 [MEDIUM] CWE-362 CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). The A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.

CVE-2020-26418 [MEDIUM] CWE-401 CVE-2020-26418: Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of servi Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVE-2020-29668 [LOW] CWE-287 CVE-2020-29668: Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitra Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

CVE-2020-29661 [HIGH] CWE-416 CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-16587 [MEDIUM] CWE-787 CVE-2020-16587: A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in ch A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.

CVE-2020-16589 [MEDIUM] CWE-787 CVE-2020-16589: A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.

CVE-2020-16588 [MEDIUM] CWE-476 CVE-2020-16588: A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePrevie A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.

CVE-2020-29660 [MEDIUM] CWE-416 CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.