Debian LTS Linux Distribution - Page 82.45
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing.
It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library.
An issue has been found in unzip, a de-archiver for .zip files. While processing a password protected archive, a heap-based buffer overflow could happen, that allows an attacker to perform a denial of
OpenJPEG had a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.
Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418
An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a
An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other
An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '>' at EOF a cross-site scripting (XSS) vulnerability could appear.
Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795
Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.
Several issues have been found in transfig, a XFig figure files converter. CVE-2018-16140
Multiple issues were found in gpac, a multimedia framework featuring the MP4Box muxer. CVE-2018-21015
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests
It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
In debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals.
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix
An input sanitization bypass was discovered in Wordpress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user.