Debian LTS Linux Distribution - Page 7
Find the information you need for your favorite open source distribution.
Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially
A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Security issues were discovered in python-reportlab, a Python library for generating PDFs and graphics, which could lead to remote code execution or authorization bypass.
Santos Gallegos discovered a blind local file inclusion in python-git, a Python library to interact with Git repositories, which could lead to denial of service or potentially information disclosure.
Multiple vulnerabilities were found in vim, a text editor. CVE-2023-4752
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
An out-of-bounds read problem was found in the postprocess_terminfo function of ncurses, a text-based user interface toolkit, which could potentially lead to an exposure of sensitive information or denial of service.
Multiple vulnerabilities were found in exempi, an implementation of XMP (Extensible Metadata Platform). CVE-2020-18651
Florent Saudel and Arnaud Gatignol discovered a Type Confusion vulnerability in the Spotlight RPC functions in afpd in Netatalk. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can
Several security vulnerabilities were found in GLib, a general-purpose utility library, used by projects such as GTK+, GIMP, and GNOME. CVE-2023-29499
Vulnerabilities that allow remote attackers to cause denial of service were found in ghostscript, an interpreter for the PostScript language and PDF.
A buffer overflow vulnerability was found in FLAC, a free lossless audio codec, in the bitwriter_grow_ function. This flaw may allow remote attackers to run arbitrary code via specially crafted input to the encoder.
The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to forward requests from Apache to Tomcat, in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied
An issue has been found in elfutils, a collection of utilities to handle ELF objects. Due to missing bound checks and reachable asserts, an attacker can
Matteo Memelli discovered a flaw in lldpd, an implementation of the IEEE 802.1ab protocol. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory.
Niraj Shivtarka discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX based webmail solution for IMAP servers, which could lead to information disclosure via malicious link references in plain/text messages.
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library). Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary
This update fixes multiple vulnerabilities concerning the urlparse module as well as vulnerabilities concerning the heapq, hmac, plistlib and ssl modules. CVE-2021-23336
Two NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service (application crash) when viewing a specially crafted email or when composing from a specially crafted draft message.
Multiple security vulnerabilities were found in frr, the FRRouting suite of internet protocols. Maliciously constructed Border Gateway Protocol (BGP) packages or corrupted tunnel attributes may cause a denial of service (application crash) which could be exploited by a remote attacker.