Debian LTS Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks.
Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks.
Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.
Gunicorn, an event-based HTTP/WSGI server, fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due
Multiple vulnerabilities have been fixed in the Name Service Cache Daemon that is built by the GNU C library and shipped in the nscd binary package. CVE-2024-33599
Mojolicious is a Perl Web Application Framework built around the familiar Model-View-Controller philosophy. It supports a simple single file mode via Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session management, signed cookies, a testing framework, internationalization, first
A vulnerability was discovered in GNU Emacs, the extensible, customisable, self-documenting display editor. The org-link-expand-abbrev function expanded a %(...) link abbrev even
A vulnerability was discovered in Org-mode, a GNU Emacs major mode for keeping notes, authoring documents, and maintaining to-do lists. The org-link-expand-abbrev function expanded a %(...) link abbrev even
Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images.
Several flaws were discovered in dlt-daemon, a Diagnostic Log and Trace logging daemon. Buffer overflows and memory leaks may lead to a denial of service or other unspecified impact.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Multiple vulnerabilities were found in git, a fast, scalable and distributed revision control system. CVE-2019-1387
Several vulnerabilities were discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities were discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Julien Viet discovered that Netty, a Java NIO client/server socket framework, was vulnerable to allocation of resources without limits or throttling due to the accumulation of data in the HttpPostRequestDecoder. This would allow an attacker to cause a denial of service.
A biased ECDSA nonce generation allowed an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. In other words, an adversary may already have enough signature information to compromise a victim's
Fixing CVE-2023-51765 (SMTP smuggling) requires rejecting email that includes NUL bytes, in some configurations. The previous security version of sendmail, by default, does not
It was discovered that there were a number of command-line injection vulnerabilities in Composer, a popular dependency manager for PHP. The 'install', 'status', 'reinstall' and 'remove' functionality had