Debian LTS Linux Distribution - Page 70.25
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Several issues have been found in xorg-server, the X server from xorg. Basically all issues are out-of-bounds access or integer underflows in different request handlers. One CVE is about a leak of uninitialize heap
Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.
Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilites have been reported against FreeRDP, an Open Source server and client implementation of the Microsoft RDP protocol. CVE-2014-0791
Two issues have been found in bind9, an Internet Domain Name Server. CVE-2020-8622
An issue has been found in ndpi, an extensible deep packet inspection library. The Oracle protocol dissector contains an heap-based buffer over-read, which could crash the application that uses this library and
An issue has been found in bacula, a network backup service. By sending oversized digest strings a malicious client can cause a heap overflow in the director's memory which results in a denial of service.
The File Manager (gollem) module in Horde Groupware has allowed remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponded to the exact filename.
In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a "Calendar -> New Event" action. For Debian 9 stretch, this problem has been fixed in version
In Horde Groupware, there has been an XSS via the Name field during creation of a new Resource. This could have been leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol. CVE-2019-20839
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
It was discovered that there was a use-after-free vulnerability when parsing PHAR files, a method of putting entire PHP applications into a single file.
The update of proftpd-dfsg released as DLA-2338-1 incorrectly destroyed the memory pool in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections.
A denial of service vulnerability was discovered in mongodb, an object/document-oriented database, whereby a user authorized to perform database queries may issue specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.
A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data.