Debian LTS Linux Distribution - Page 11
Find the information you need for your favorite open source distribution.
Two vulnerabilities were discovered in lemonldap-ng:
* an open redirection when OpenID-Connect configuration isn't generated by the manager and if OIDC RP has no oidcRPMetaDataOptionsRedirectUris
* a Server-Side-Request-Forgery in OpenID-Connect (CVE-2023-44469)
Security issues were discovered in inetutils, a collection of GNU network utilities, which could lead to privilege escalation or potentially execution of arbitrary code.
Security vulnerabilities were found in python-urllib3, an HTTP library with thread-safe connection pooling for Python, which could lead to information disclosure or authorization bypass.
The prometheus-alertmanager package, a component of Prometheus, an application used for event monitoring and alerting, was vulnerable to a stored XSS attack.
It has been found that the update of freerdp2 (see DLA-3606-1) exposed a bug in vinagre, which causes crashes and breaks RDP connections with the symptoms of hangs and black screens.
It has been found that the update of freerdp2 (see DLA-3606-1) exposed a bug in gnome-boxes, which breaks RDP connections with the symptoms of hangs and black screens.
Multiple vulnerabilities have been found in freerdp2, a free implementation of the Remote Desktop Protocol (RDP). The vulnerabilities potentially allow buffer overreads, buffer overflows, integer overflows, use-after-free, and DoS vectors.
A couple of security issues were reported in the grub2 package, the GRand Unified Bootloader v2, that could cause an out-of-bounds write and a heap-based buffer overflow.
Multiple issues were discovered in qemu, a fast processor emulator. CVE-2020-24165
Several vulnerabilities were found in libXpm, the X Pixmap (XPM) image library. CVE-2023-43786
Several vulnerabilities were found in libx11, the X11 client-side library. CVE-2023-43785
A SQL Injection vulnerability was found in PostgreSQL, an object-relational SQL database management system. An extension script is vulnerable if it uses @extowner@, @extschema@,
Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the SPA/NTLM authenticators are used.
Two buffer overflow vulnerabilities were found in libvpx, a multimedia library for the VP8 and VP9 video codecs, which could result in the execution of arbitrary code if a specially crafted VP8 or VP9 media stream is processed.
A security vulnerability was found in the Open VMware Tools. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Intel® released the INTEL-SA-00766 advisory about potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products that may allow escalation of privilege or denial of service. The full advisory is available at [1]
Several cases of improper input validation were fixed in Apache Traffic Server, a reverse and forward proxy server. For Debian 10 buster, these problems have been fixed in version
Two issues have been found in cups, the Common UNIX Printing System(tm). CVE-2023-4504
Several vulnerabilities were fixed in gerbv, a viewer for the Gerber format for printed circuit board (PCB) design. CVE-2021-40393
Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially