Debian LTS Linux Distribution
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Some isses have been found in gst-plugins-base0.10, a package that provides GStreamer plugins from the "base" set. All issues are related to crafted ico-files that could result in an
An issue has been found in collabtive, a web-based project management software. Due to missing checks an attacker could upload scripts, which would execute code on the server by accessing for example avatar images.
Two issues have been found in php5, a server-side, HTML-embedded scripting language. Both issues are related to crafted data that could lead to reading after an allocated buffer and result in information disclosure or
An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure.
It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.
There is an OS command injection vulnerability in Rake (a ruby make-like utility) < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend().
A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow.
It was discovered that there was a a use-after-free vulnerability in in the proftpd-dfsg FTP server. Exploitation of this vulnerability within the memory pool handling
Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework:
Several vulnerabilities were discovered in the HTTP server provided by Netty, a Java NIO client/server socket framework:
A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application
Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks. For Debian 8 "Jessie", this problem has been fixed in version
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For Debian 8 "Jessie", these problems have been fixed in version
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently
An denial of service via an algorithmic complexity attack on email address parsing have been identified in libemail-address-list-perl.
Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External Entity (XXE) injection.
an out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.