Find the information you need for your favorite open source distribution .
Nathan Davison discovered that HAProxy, a load balancing reverse proxy, did not correctly reject requests or responses featuring a transfer-encoding header missing the "chunked" value which could facilitate a HTTP request smuggling attack. Furthermore several flaws were discovered in DNS related functions that
Smarty3 is a template engine for PHP. It was found that template authors could inject PHP code by choosing a malicious {block} name or {include} file name. For Debian 9 stretch, this problem has been fixed in version
A flaw was found in the check_chunk_name() function of pngcheck, a tool to verify the integrity of PNG, JNG and MNG files. This flaw allows an attacker who can pass a malicious file to be processed by pngcheck to cause a temporary denial of service.
An issue was found in zipios++, a small C++ library for reading zip files. Due to wrong handling of malformed zip files, an infinite loop could be entered, which results in a denial of service.
Joshua Mason discovered that a logic error in the validation of the secret key used in the "local" authorisation mode of the CUPS printing system may result in privilege escalation.
An issue has been found in package atftp, an advanced TFTP client/server. Due to missing bound checks, data could be read behind a buffer so that
It was discovered that the previous upload to neutron to Debian 9 "Stretch" (ie. version 2:9.1.1-3+deb9u2) was incomplete and did not actually apply the fix for CVE-2021-40085.
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not always closing response bodies, allowing untrusted input in a response header (HTTP Response Splitting) and thus potentially facilitating several other
