Debian Linux vulnerabilities

CVE-2020-27918 [HIGH] CWE-416 CVE-2020-27918: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-25674 [MEDIUM] CWE-122 CVE-2020-25674: WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logg

CVE-2020-25665 [MEDIUM] CWE-122 CVE-2020-25665: The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine Wr The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects Imag

CVE-2020-25676 [MEDIUM] CWE-190 CVE-2020-25676: In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and In In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-ran

CVE-2020-27750 [MEDIUM] CWE-369 CVE-2020-27750: A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An atta A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availa

CVE-2020-1971 [MEDIUM] CWE-476 CVE-2020-1971: The X.509 GeneralName type is a generic type for representing different types of names. One of those The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A

CVE-2020-27821 [MEDIUM] CWE-787 CVE-2020-27821: A flaw was found in the memory management API of QEMU during the initialization of a memory region c A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions

CVE-2020-25675 [LOW] CWE-190 CVE-2020-25675: In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other probl

CVE-2020-25666 [LOW] CWE-190 CVE-2020-25666: There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is poss There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagi

CVE-2020-27757 [LOW] CWE-190 CVE-2020-27757: A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low beca

CVE-2020-27754 [LOW] CWE-190 CVE-2020-27754: In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could r In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event

CVE-2020-27758 [LOW] CWE-190 CVE-2020-27758: A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is proc A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefi

CVE-2020-27818 [LOW] CWE-120 CVE-2020-27818: A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a ma A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

CVE-2020-27751 [LOW] CWE-190 CVE-2020-27751: A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted fi A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to applicati

CVE-2020-29600 [CRITICAL] CVE-2020-29600: In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

CVE-2020-29599 [HIGH] CWE-91 CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which all ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

CVE-2020-28935 [MEDIUM] CWE-59 CVE-2020-28935: NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including vers NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would

CVE-2020-27766 [HIGH] CWE-190 CVE-2020-27766: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to

CVE-2020-29565 [MEDIUM] CWE-601 CVE-2020-29565: An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.

CVE-2020-28916 [MEDIUM] CWE-835 CVE-2020-28916: hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer addr hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.