Debian LTS Linux Distribution - Page 76.5
Find the information you need for your favorite open source distribution.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the
Following CVEs were reported against the jackson-databind source package:
Following CVEs were reported against the awl source package: CVE-2020-11728
Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to
A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code in the
A remote code execution vulnerability was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to cause execution of uploaded CSV data.
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage
It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system. For Debian 8 "Jessie", this issue has been fixed in ceph version
libmtp is a library for communicating with MTP aware devices. The Media Transfer Protocol (commonly referred to as MTP) is a devised set of custom extensions to support the transfer of music files on USB digital audio players
libplist is a library for reading and writing the Apple binary and XML property lists format. It's part of the libimobiledevice stack, providing access to iDevices (iPod, iPhone, iPad ...).
The krb5 PAM module (pam_krb5.so) had a buffer overflow that might have caused remote code execution in situations involving supplemental prompting by a Kerberos library.
A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression denial
An issue has been found in apng2gif, a tool for converting APNG images to animated GIF format.
Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the "bad" set.
A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight HTTP proxy daemon.
A remote code execution vulnerability was discovered in the Form API component of the Horde Application Framework. An authenticated remote attacker could use this flaw to upload arbitrary content to an arbitrary
Two security issues have been detected in tika and fixed. CVE-2020-1950:
Two security issues have been identified and fixed in php5, a server-side, HTML-embedded scripting language.
Mickael Karatekin from Sysdream Labs discovered that the Okular document viewer allows code execution via an action link in a PDF document.
An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on