Debian Linux vulnerabilities

CVE-2020-27770 [MEDIUM] CWE-190 CVE-2020-27770: Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.

CVE-2020-27771 [LOW] CWE-190 CVE-2020-27771: In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf fi

CVE-2020-27775 [LOW] CWE-190 CVE-2020-27775: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undef

CVE-2020-27773 [LOW] CWE-369 CVE-2020-27773: A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other

CVE-2020-27774 [LOW] CWE-190 CVE-2020-27774: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefi

CVE-2020-27772 [LOW] CWE-190 CVE-2020-27772: A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is proc A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined be

CVE-2020-27765 [LOW] CWE-369 CVE-2020-27765: A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw

CVE-2020-27767 [LOW] CWE-190 CVE-2020-27767: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems r

CVE-2020-27778 [HIGH] CWE-824 CVE-2020-27778: A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.

CVE-2020-14351 [HIGH] CWE-416 CVE-2020-14351: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem a A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-17527 [HIGH] CWE-200 CVE-2020-17527: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the

CVE-2020-27783 [MEDIUM] CWE-79 CVE-2020-27783: A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properl A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

CVE-2020-27762 [MEDIUM] CWE-190 CVE-2020-27762: A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is proc A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefine

CVE-2020-27760 [MEDIUM] CWE-369 CVE-2020-27760: In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects I

CVE-2020-27761 [LOW] CWE-190 CVE-2020-27761: WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could l WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low

CVE-2020-27763 [LOW] CWE-369 CVE-2020-27763: A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw af

CVE-2020-27764 [LOW] CWE-190 CVE-2020-27764: In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast s In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact

CVE-2020-27759 [LOW] CWE-190 CVE-2020-27759: In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because

CVE-2020-25638 [HIGH] CWE-89 CVE-2020-25638: A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest th

CVE-2020-27813 [HIGH] CWE-190 CVE-2020-27813: An integer overflow vulnerability exists with the length of websocket frames received via a websocke An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.