Debian LTS Linux Distribution - Page 77.75
Find the information you need for your favorite open source distribution.
It was discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack.
An issue has been found in pound. A request smuggling vulnerability was discovered in pound, a reverse proxy, load balancer and HTTPS front-end for Web servers, that may allow
Two issues have been found in w3m, a WWW browsable pager with excellent tables/frames support.
An issue has been found in yodl, a pre-document language. Hanno Böck discovered that there was a buffer over-read vulnerability.
Agostino Sarubbo of Gentoo discovered a heap buffer overflow write in the rzip program (a compression program for large files) when uncompressing maliciously crafted files.
Three issues have been found in php5, a server-side, HTML-embedded scripting language.
Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
It has been discovered that a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service.
It was discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause
It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol.
It was discovered that there was a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME.
It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the
The following CVEs were reported against the jackson-databind source package:
The following CVEs were reported against the awl source package: CVE-2020-11728
Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to
A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code in the
A remote code execution vulnerability was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to cause execution of uploaded CSV data.
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage
It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system. For Debian 8 "Jessie", this issue has been fixed in ceph version