Debian LTS Linux Distribution - Page 1.75
Find the information you need for your favorite open source distribution.
Jetty 9 is a Java-based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients, which can cause a denial of service.
Two security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2024-24549
Multiple vulnerabilities were found in libvirt, a C toolkit to interact with the virtualization capabilities of Linux, which could lead to denial of service or information disclosure.
Composer, an application-level dependency manager for the PHP programming language, was vulnerable. CVE-2023-43655:
Vulnerabilities have been found in Node.js, which could lead to denial of service or information disclosure. CVE-2023-30590
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.
A stack-based buffer overflow has been fixed in gross, a server for greylisting emails. For Debian 10 buster, this problem has been fixed in version
It was discovered that there was a command-line injection issue in the FreeIPA identity, authentication and audit framework. A specially crafted HTTP request could have led to a Denial of Service (DoS) attack and/or data exposure.
Two vulnerabilities have been fixed in the Python 3 interpreter. CVE-2023-6597
The zipfile module was vulnerable to "quoted-overlap" zip-bombs in the Python 2 interpreter. For Debian 10 buster, this problem has been fixed in version
An issue has been found in libnet-cidr-lite-perl, a module for merging IPv4 or IPv6 CIDR address ranges.
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.
Multiple vulnerabilities were discovered in the Python Imaging Library (PIL), an image processing library for Python. CVE-2021-23437
A memory leak was found in imagemagick, a popular software suite for displaying, creating, converting, modifying, and editing raster images. For Debian 10 buster, this problem has been fixed in version
A couple of vulnerabilities were found in zfs-linux. CVE-2013-20001
Multiple vulnerabilities were found in Cacti, a network monitoring system. An attacker could manipulate the database, execute code remotely, launch DoS (denial-of-service) attacks or impersonate Cacti users, in some situations.
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges into running SQL commands.
curl was affected by a path traversal vulnerability. The SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate
Two vulnerabilities have been fixed in unADF, a tool to extract files from an Amiga Disk File dump. CVE-2016-1243
Hatim Chabik discovered a cross-site scripting (XSS) vulnerability in spip, a content management system, which can lead to privilege escalation or information disclosure.