Debian LTS Linux Distribution - Page 40
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions. For Debian 9 stretch, these problems have been fixed in version
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.
Multiple vulnerabilities were discovered in Zabbix, a network monitoring solution. An attacker may enumerate valid users and redirect to external links through the zabbix web frontend.
CVE-2021-29447 Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue
A heap overflow issue was detected in libebml, a library to read and write files in the EBML format, a binary pendant to XML. These issues appeared in several ReadData functions of various data type
Two security issues have been discovered in python2.7: CVE-2019-16935
The update of smarty3 released as DLA-2618-1 induced a regression due to a syntax error in sysplugins/smarty_security.php. For Debian 9 stretch, this problem has been fixed in version
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
Several security vulnerabilities have been discovered in QEMU, a fast processor emulator. CVE-2021-20257
It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted
A vulnerability was discovered in php-pear, which provides core packages from the PHP Extension and Application Repository. Tar.php in Archive_Tar allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to
Three security issues have been discovered in python3.5: CVE-2021-3177
Several vulnerabilities were discovered in smarty3, a template engine for PHP. CVE-2018-13982
Cyku Hong from DEVCORE discovered that php-nette, a PHP MVC framework, is vulnerable to a code injection attack by passing specially formed parameters to URL that may possibly leading to remote code execution.
In XStream there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
The gunzip decompressor of Busybox, tiny utilities for small and embedded systems, mishandled the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
node-underscore and libjs-underscore are vulnerable to Arbitrary Code Execution via the template function, particulary when a variable property is passed as an argument as it is not sanitized.