Debian LTS Linux Distribution - Page 45
Find the information you need for your favorite open source distribution.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several issues were found in ConnMan, a connection manager for embedded devices, that could cause denial of service via service crash or excessive CPU usage.
xterm, an X terminal emulator, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Thomas Chauchefoin from SonarSource discovered that in Zabbix, a server/client network monitoring system, after the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. An
It was found that in libphp-adodb, a PHP database abstraction layer library, an attacker can inject values into the PostgreSQL connection string by bypassing adodb_addslashes(). The function can be bypassed in phppgadmin, for example, by surrounding the username in quotes and
Several vulnerabilities have been discovered in apng2gif, a tool for converting APNG images to animated GIF format. Improper sanitization of user input can result in denial of service (application crash) or possible execution of arbitrary code if a malformed image file is processed.
Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow bypassing the client and, in some scenarios, even the server authentication, or could lead to a denial-of-service attack.
Several security vulnerabilities have been discovered in librecad, a computer-aided design (CAD) system. Buffer overflows may lead to remote code execution if a specially crafted JWW document is processed.
Two vulnerabilities have been discovered in the Apache HTTP server: CVE-2021-44224
It was discovered that there were two vulnerabilities in Django, a popular Python-based web development framework: - CVE-2022-22818: Possible XSS via {% debug %} template tag.
Multiple security vulnerabilities have been discovered in Apache Log4j 1.2, a Java logging framework, when it is configured to use JMSSink, JDBCAppender, JMSAppender or Apache Chainsaw which could be exploited for remote code execution.
Multiple security vulnerabilities have been discovered in Expat, the XML parsing C library. Integer overflows or invalid shifts may lead to a denial of service or other unspecified impact.
Several vulnerabilities have been discovered in libraw that may lead to the execution of arbitrary code, denial of service, or information leaks.
An issue has been found in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images.
An issue has been found in libxfont, an X11 font rasterisation library. By creating symlinks, a local attacker can open (but not read) local files as user root. This might create unwanted actions with special files like
An issue has been found in lrzsz, a set of tools for zmodem/xmodem/ymodem file transfer. Due to an incorrect length check, which might result in a size_t wrap
The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at
It was found that nss, the Mozilla Network Security Service library, was vulnerable to a NULL pointer dereference when parsing empty PKCS 7 sequences, which could result in denial of service.
David Bouman discovered a heap-based buffer overflow vulnerability in the base64 functions of aide, an advanced intrusion detection system, which can be triggered via large extended file attributes or ACLs. This may result in denial of service or privilege escalation.
Multiple out-of-bounds errors were discovered in qt4-x11. The highest threat from CVE-2021-3481 (at least) is to data confidentiality and the application availability.