Find the information you need for your favorite open source distribution .
Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through
It was found that PgBouncer, a PostgreSQL connection pooler, was susceptible to an arbitrary SQL injection attack if a man-in-the-middle could inject data when a connection using certificate authentication is established.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version
James Kettle discovered that a request smuggling attack can be performed on HTTP/1 connections on Varnish servers, high-performance web accelerators. The smuggled request would be treated as an additional request by the Varnish server which may lead to information disclosure and cache poisoning.
Two issues have been discovered in python2.7: CVE-2021-3177
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several issues were found in ConnMan, a connection manager for embedded devices, that could cause denial of service via service crash or excessive CPU usage.
