Debian LTS Linux Distribution - Page 49.5
Find the information you need for your favorite open source distribution.
Two issues have been found in atftp, an advanced TFTP client. Both are related to sending crafted requests to the server and triggering a denial-of-service due to, for example, a buffer overflow.
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.
Multiple issues have been discovered in ffmpeg - tools for transcoding, streaming and playing of multimedia files. CVE-2020-20445
Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks. For Debian 9 stretch, these problems have been fixed in version
Several vulnerabilities were discovered in Icinga 2, a general-purpose monitoring application. An attacker could retrieve sensitive information such as service passwords and ticket salt by querying the web API, or by intercepting insufficiently checked encrypted
Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of
Several vulnerabilities have been discovered in the OpenJDK Java runtime, including issues with cryptographic hashing, TLS client handshaking, and various other issues.
CKEditor, an open source WYSIWYG HTML editor with rich content support, which can be embedded into web pages, had two vulnerabilities as follows:
One security issue has been discovered in botan1.10, a C++ cryptography library.
Two SQL injection vulnerabilities were discovered in SQLAlchemy, a SQL toolkit and Object Relational Mapper for Python, when the order_by or group_by parameters can be controlled by an attacker.
A couple of vulnerabilities were found in src:python3.5, the Python interpreter v3.5, as follows: CVE-2021-3733
Stefan Walter found that udisks2, a service to access and manipulate storage devices, could cause denial of service via system crash if a corrupted or specially crafted ext2/3/4 device or image was mounted, which could happen automatically in certain environments.
CVE-2021-25219 Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial-of-service or the execution of arbitrary code.
Opening a crafted chm file could result in a buffer overflow in libmspack, a library for Microsoft compression formats. For Debian 9 stretch, this problem has been fixed in version
Several vulnerabilities have been fixed in libsdl2, the older version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
A vulnerability has been fixed in libsdl2, the newer version of the Simple DirectMedia Layer library that provides low level access to audio, keyboard, mouse, joystick, and graphics hardware.
Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects. CVE-2018-16062
Several security vulnerabilities have been discovered in OpenCV, the Open Computer Vision Library. Buffer overflows, NULL pointer dereferences and out-of-bounds write errors may lead to a denial-of-service or other unspecified impact.