Debian LTS Linux Distribution - Page 40.5
Find the information you need for your favorite open source distribution.
CVE-2021-3596 A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in information disclosure or denial of service. For Debian 9 stretch, these problems have been fixed in version
lrzip, a compression program, was found to have a heap memory corruption bug. For Debian 9 stretch, this problem has been fixed in version 0.631-1+deb9u3.
It was discovered that the package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Waitress is a Python WSGI server, an application server for Python web apps. Security updates fix request smuggling bugs that arise when Waitress is combined with another HTTP proxy that interprets requests differently. This can lead to a potential for
It was discovered that Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information.
KiCad is a suite of programs for the creation of printed circuit boards. It includes a schematic editor, a PCB layout tool, support tools and a 3D viewer to display a finished & fully populated PCB.
One security issue has been found in a compression library libz-mingw-w64. Danilo Ramos discovered that incorrect memory handling in
In ecdsautils, a collection of ECDSA elliptic curve cryptography command line tools, an improper verification of cryptographic signatures was detected. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures.
Multiple security issues were discovered in mruby, a lightweight implementation of the Ruby language. CVE-2017-9527
Smarty3, a template engine for PHP, allowed template authors to run restricted static PHP methods. The same authors could also run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the math function, remote users were able to run arbitrary PHP
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several issues were discovered in OpenVPN, a Virtual Private Network server and client, that could lead to authentication bypass when using deferred auth plugins.
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.
It was discovered that the implementation of UntypedObjectDeserializer in jackson-databind, a fast and powerful JSON library for Java, was prone to a denial of service attack when deeply nested object and array values were processed.
A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged PostScript operators remained accessible from various places. For instance, a specially crafted PostScript file could use this flaw in order to have access to the file
An issue has been found in tinyxml, a C++ XML parsing library. Crafted XML messages could lead to an infinite loop in
Three issues have been found in libarchive, a multi-format archive and compression library.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.