Debian LTS Essential and Critical Security Patch Updates - Page 2
Find the information you need for your favorite open source distribution.
It was discovered that there was a buffer overflow vulnerability in libndp, a library that implements IPv6's "Neighbor Discovery Protocol" (NDP) and is used by Network Manager and other networking tools.
PHP, a widely-used open source general purpose scripting language, is affected by a security problem when parsing certain types of URLs. Due to a code logic error filtering functions such as filter_var when
Cross-site scripting (XSS) vulnerabilities were discovered in Roundcube, a skinnable AJAX based webmail solution for IMAP servers, which could allow a remote attacker to load arbitrary JavaScript code and might lead to privilege escalation or information disclosure.
An out-of-bounds read in the 'bson' module allowed deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
A symlink attack with emergency file saving has been fixed in the text editor nano. For Debian 10 buster, this problem has been fixed in version
Integer overflows have been fixed in libvpx, a library for decoding and encoding VP8 and VP9 videos. For Debian 10 buster, this problem has been fixed in version
sendmail allowed SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports
A vulnerability was discovered in Atril, a simple document viewer designed for the MATE desktop environment. CVE-2023-52076
Unauthorized local user access to the session manager has been fixed in the Plasma Workspace component of the KDE Plasma desktop environment. For Debian 10 buster, this problem has been fixed in version
An issue has been found in cups, the Common UNIX Printing System(tm). When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.
An integer overflow in the EXIF metadata parser has been fixed in the GStreamer media framework. For Debian 10 buster, this problem has been fixed in version
Security vulnerabilities were found in less, a pager program similar to more, which could result in arbitrary command execution when processing files with crafted names.
It was discovered that there was a potential SQL injection attack in python-pymysql, a MySQL client library for Python. This was exploitable when python-pymysql was used with untrusted JSON input as keys were not escaped by the escape_dict routine.
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompting, will execute scripts built into LibreOffice on clicking a graphic. Such scripts were previously
A problem has been fixed with the handling of the AVRCP protocol in the Bluetooth stack that could lead to remote code execution. For Debian 10 buster, this problem has been fixed in version
Fossil was broken by the fixes for CVE-2024-24795 in the apache2 package, and needed an update. As part of the security fix, the Apache webserver
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting, denial of service, or authorization bypass.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version
Two vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service. CVE-2023-50387