Debian LTS Linux Distribution - Page 9.55
Find the information you need for your favorite open source distribution.
A memory leak was found in ruby-magick, an interface between Ruby and ImageMagick, that could lead to a denial of service (DoS) by memory exhaustion.
It was discovered that there was a potential authorisation bypass vulnerability in Apache Zookeeper, a co-ordination service for reliable distributed applications.
The last update required an update to the database schema, but as zabbix does not support upgrading the database schema if SQLite3 is used, using zabbix-proxy-sqlite3 requires the user to drop the database and recreate it with a supplied SQL template file.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or
Letian Yuan discovered a flaw in Apache Axis 1.x, a SOAP implementation written in Java. It may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
Multiple vulnerabilities were discovered in nghttp2, an implementation of the HTTP/2 protocol. CVE-2020-11080
Several vulnerabilities have been fixed in poppler, a PDF rendering library. CVE-2020-23804
Batik is a toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998
It was discovered that there was a potential code injection vulnerability in org-mode, a popular add-on for the Emacs text editor.
Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
Several vulnerabilities were discovered in Python 3.7. CVE-2022-48560
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool. CVE-2023-28321
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the
Two vulnerabilities were discovered in lemonldap-ng:
* an open redirection when OpenID-Connect configuration isn't generated by the manager and if OIDC RP has no oidcRPMetaDataOptionsRedirectUris
* a Server-Side-Request-Forgery in OpenID-Connect (CVE-2023-44469)
Security issues were discovered in inetutils, a collection of GNU network utilities, which could lead to privilege escalation or potentially execution of arbitrary code.
Security vulnerabilities were found in python-urllib3, an HTTP library with thread-safe connection pooling for Python, which could lead to information disclosure or authorization bypass.
The prometheus-alertmanager package, a component of Prometheus, an application used for event monitoring and alerting, was vulnerable to a stored XSS attack.