Debian LTS Linux Distribution - Page 80
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the
Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle
The following packages CVE(s) were reported against phpmyadmin. CVE-2020-10802
The following CVE(s) were reported against jackson-databind. CVE-2020-10672
A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers.
It was discovered that there were was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework
tif_getimage.c in LibTIFF, as used in GDAL has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
In libvncserver, through libvncclient/cursor.c, there is a possibility of a heap overflow, as reported by Pavel Cheremushkin.
It was discovered that there were a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework for building various types of internet applications.
Two out-of-bounds heap buffer accesses were found in QEMU, a fast processor emulator, which could result in denial of service or abitrary code execution.
Several issue were found in Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system.
It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3).
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Similar to CVE-2016-10743 the host access point daemon, hostapd, in EAP mode used a low quality pseudorandom number generator that leads to insufficient entropy. The problem was resolved by using the os_get_random function which provides cryptographically strong pseudo
It was discovered that there was an out-of-bounds buffer read vulnerability in libvpx, a library implementing the VP8 & VP9 video codecs.
It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569
It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials.