Debian LTS Linux Distribution - Page 72.25
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
xrdp-sesman service in xrdp can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them
ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is
The following CVE(s) have been reported against src:wpa. CVE-2019-10064
It was noticed that in Pillow before 7.1.0, there are multiple out-of-bounds reads in libImaging/FliDecode.c. For Debian 9 stretch, this problem has been fixed in version
Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass
Several vulnerabilities have been found in the ClamAV antivirus toolkit: CVE-2020-3327
Todd Carson discovered some integer overflows in libX11, which could lead to heap corruption when processing crafted messages from an input method.
In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language.
In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service.
Several vulnerabilities were fixed in libjpeg-turbo, a widely used library for handling JPEG files. CVE-2018-1152
Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458
Tobias Stoeckmann found an integer overflow issue in JSON-C, a C library to manipulate JSON objects, when reading maliciously crafted large files. The issue could be exploited to cause denial of service or possibly execute arbitrary code.
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use.