Debian LTS Linux Distribution - Page 74.35
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Two vulnerabilities have been discovered in mutt, a console email client. CVE-2020-14093
In libmatio, a library to read and write Matlab MAT files, a vulnerability was fixed in Mat_VarReadNextInfo4 in mat4.c that could lead to a heap-based buffer over-read in strdup_vprintf.
Several vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2020-12399
GNU Mailman allowed arbitrary content injection via the Cgi/private.py private archive login page.
Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an implemenantation of the VNC server and client protocol.
CVE-2020-13663 - Drupal SA 2020-004 The Drupal core Form API does not properly handle certain form
Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983
It has been discovered, that a vulnerability in php5, a server-side, HTML-embedded scripting language, could lead to exhausted disk space on the server. When using overly long filenames or field names, a memory
It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim.
It was discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program.
Several issues have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak.
It was found that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead into
It was discovered that libtiprc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP
A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.
CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection
It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server.
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code.
It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some situations, cause a traceback.