The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation. For the stable distribution (bullseye), this problem has been fixed in
Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that
Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting
Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in