Debian LTS Linux Distribution - Page 67.75
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
A potential Cross-Site Scripting (XSS) vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the
CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is
Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind
Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers. A local attacker can obtain root access. For Debian 9 stretch, this problem has been fixed in version
Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076
A regression was introduced in DLA-2332-1, where changes in the Debian package building process triggered a bug in the sane-backends packages, causing missing files.
It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the
Several security vulnerabilities have been discovered in Squid, a high- performance proxy caching server for web clients. CVE-2020-15049
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with jruby) was too tolerant against
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick (bundled along with ruby2.3) was too tolerant against
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Therefore, there was a need to explicitly specify the number
This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format.
This update fixes a problem that caused Firefox to fail to build on the arm64 and armhf architectures. For Debian 9 stretch, this problem has been fixed in version
Various vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2018-12404
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting or spoofing the origin of a download.
Several vulnerabilities were discovered in the Perl5 Database Interface (DBI). An attacker could trigger a denial-of-service (DoS) and possibly execute arbitrary code.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit. CVE-2018-15518
Several vulnerabilities were fixed in the Qt toolkit. CVE-2018-19872
Two issues have been found in yaws, a high performance HTTP 1.1 webserver written in Erlang.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.