Debian LTS Linux Distribution - Page 12
Find the information you need for your favorite open source distribution.
The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to forward requests from Apache to Tomcat, in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied
An issue has been found in elfutils, a collection of utilities to handle ELF objects. Due to missing bound checks and reachable asserts, an attacker can
Matteo Memelli discovered a flaw in lldpd, an implementation of the IEEE 802.1ab protocol. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory.
Niraj Shivtarka discovered a cross-site scripting (XSS) vulnerability in Roundcube, a skinnable AJAX based webmail solution for IMAP servers, which could lead to information disclosure via malicious link references in plain/text messages.
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library). Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary
This update fixes multiple vulnerabilities concerning the urlparse module as well as vulnerabilities concerning the heapq, hmac, plistlib and ssl modules. CVE-2021-23336
Two NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service (application crash) when viewing a specially crafted email or when composing from a specially crafted draft message.
Multiple security vulnerabilities were found in frr, the FRRouting suite of internet protocols. Maliciously constructed Border Gateway Protocol (BGP) packages or corrupted tunnel attributes may cause a denial of service (application crash) which could be exploited by a remote attacker.
Multiple flaws were found in libyang, a parser toolkit for IETF YANG data modeling. Double frees, invalid memory access and NULL pointer dereferences may cause a denial of service or potentially code execution.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For Debian 10 buster, this problem has been fixed in version
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For Debian 10 buster, this problem has been fixed in version
A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For Debian 10 buster, this problem has been fixed in version
A vulnerability has been identified in c-ares, an asynchronous name resolver library: CVE-2020-22217:
Several vulnerabilities were discovered in Samba, the SMB/CIFS file, print, and login server for Unix. CVE-2016-2124
Multiple vulnerabilities were discovered in Rails HTML Sanitizers, an HTML sanitization library for Ruby on Rails applications. An attacker could launch cross-site scripting (XSS) and denial-of-service (DoS) attacks through crafted HTML/XML documents.
Multiple vulnerabilities were discovered in Loofah, a Ruby library for HTML/XML transformation and sanitization. An attacker could launch cross-site scripting (XSS) and denial-of-service (DoS) attacks through crafted HTML/XML documents.
It was discovered that there was a potential Man In the Middle (MITM) vulnerability in e2guardian, a web content filtering engine. Validation of SSL certificates was missing in e2guardian's own MITM
A security vulnerability was identified in Orthanc, a DICOM server used for medical imaging, whereby authenticated API users had the capability to overwrite arbitrary files and, in certain configurations, execute unauthorized code.
It was discovered that there was a potential Regular Expression Denial of Service (ReDoS) attack in node-cookiejar, a Node.js library for parsing and manipulating HTTP cookies. An attack was possible via passing a large value to the Cookie.parse function.