Debian LTS Linux Distribution - Page 76.25
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
It was discovered that there was an out-of-bounds buffer read vulnerability in libvpx, a library implementing the VP8 & VP9 video codecs.
It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569
It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials.
A privilege escalation vulnerability was discovered in zsh, a shell with lots of features, whereby a user could regain a formerly elevated privelege level even when such an action should not be permitted.
It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
An issue has been found in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. Due to insufficient validatation of URLs an Open Redirect vulnerability
An issues has been found in firebird2.5, an RDBMS based on InterBase 6.0. As UDFs can be used for a remote authenticated code execution (as user firebird), UDFs have been disabled in the default configuration
Some isses have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an
An issue has been found in collabtive, a web-based project management software. Due to missing checks an attacker could upload scripts, which would execute code on the server by accessing for example avatar images.
Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure or
An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure.
It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
There is an OS command injection vulnerability in Rake (a ruby make-like utility) < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend().
A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow.
It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling