Debian LTS Essential and Critical Security Patch Updates - Page 3
Find the information you need for your favorite open source distribution.
Mate Kukri discovered that the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
Gunicorn, an event-based HTTP/WSGI server, fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due
Multiple vulnerabilities have been fixed in the Name Service Cache Daemon that is built by the GNU C library and shipped in the nscd binary package. CVE-2024-33599
Mojolicious is a Perl Web Application Framework built around the familiar Model-View-Controller philosophy. It supports a simple single file mode via Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session management, signed cookies, a testing framework, internationalization, first
A vulnerability was discovered in GNU Emacs, the extensible, customisable, self-documenting display editor. The org-link-expand-abbrev function expanded a %(...) link abbrev even
A vulnerability was discovered in Org-mode, a GNU Emacs major mode for keeping notes, authoring documents, and maintaining to-do lists. The org-link-expand-abbrev function expanded a %(...) link abbrev even
Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.
Several flaws were discovered in dlt-daemon, a Diagnostic Log and Trace logging daemon. Buffer overflows and memory leaks may lead to a denial of service or other unspecified impact.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Multiple vulnerabilities were found in git, a fast, scalable and distributed revision control system. CVE-2019-1387
Several vulnerabilities were discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities were discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Julien Viet discovered that Netty, a Java NIO client/server socket framework, was vulnerable to allocation of resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. This would allow an attacker to cause a denial of service.
A biased ECDSA nonce generation allowed an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's
Fixing CVE-2023-51765 (SMTP smuggling) requires rejecting email that includes NUL bytes, in some configurations. The previous security version of sendmail, by default, does not
It was discovered that there were a number of command-line injection vulnerabilities in Composer, a popular dependency manager for PHP. The 'install', 'status', 'reinstall' and 'remove' functionality had
It was discovered that there was a buffer overflow vulnerability in libndp, a library for implementing IPv6's "Neighbor Discovery Protocol" (NDP) that is used by Network Manager and other networking tools.
PHP, a widely-used open source general purpose scripting language, is affected by a security problem when parsing certain types of URLs. Due to a code logic error, filtering functions such as filter_var when
Cross-site scripting (XSS) vulnerabilities were discovered in Roundcube, a skinnable AJAX based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code and might lead to privilege escalation or information disclosure.