Debian LTS Linux Distribution - Page 40
Find the information you need for your favorite open source distribution.
The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing an attacker to crash systemd and hence the entire operating system.
Several vulnerabilities were discovered in rabbitmq-server, a message-broker software. CVE-2017-4965
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. CVE-2021-30547
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Several vulnerabilities were discovered in php5, a server-side, HTML-embedded scripting language. An attacker could cause denial of service (DoS), memory corruption and potentially execution of arbitrary code, and server-side request forgery (SSRF) bypass.
One security issue has been discovered in sogo. SOGo does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition, the implementation of the MergeSlashes option could result in unexpected behaviour.
Multiple issues have been discovered in scilab, particularly in the embedded ezXML library: CVE-2021-30485
A vulnerability in XStream, a Java library to serialize objects to and from XML, may allow a remote attacker to execute commands on the host solely by manipulating the processed input stream.
The ieee-data package, which provides the OUI and IAB listings of identifiers assigned by IEEE Standards Association, ships a script (update-ieee-data) which queries ieee.org to download the most recent dataset and save it to /var/lib/ieee-data/.
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault.
Several vulnerabilities were discovered in OpenEXR, a library and tools for the OpenEXR high dynamic-range (HDR) image format. An attacker could cause a denial of service (DoS) through application crash and excessive memory consumption.
A buffer overflow was discovered in HTMLDOC, an HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition, a number of crashes were addressed.
An issue has been found in ipmitool, a utility for IPMI control with kernel driver or LAN interface. Neglecting proper checking of input data might result in buffer overflows
An issue has been found in node-bl, a Node.js module to access multiple buffers with Buffer interface. Due to a buffer over-read, uninitialized memory might be exposed by
A vulnerability has been found in fluidsynth, a real-time MIDI software synthesizer. Using a specially crafted soundfont2 file, a use after free vulnerability
Several vulnerabilities have been discovered in klibc. Depending on how klibc is used, these could lead to the execution of arbitrary code, privilege escalation, or denial of service.
The XML parsers used by XMLBeans did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include the possibility for XML Entity Expansion attacks which could lead to a denial-of-service. This update implements sensible defaults for the XML parsers to prevent these kind
Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
Two issues have been found in bluez, a package with Bluetooth tools and daemons. One issue is about a man-in-the-middle attack during secure pairing, the other is about information disclosure due to improper access