A vulnerability has been discovered in mod_auth_openidc, an OpenID Certified authentication and authorization module for the Apache HTTP server that implements the OpenID Connect Relying Party functionality:
Archive for Debian Linux Distribution – Security Advisories
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
A heap-based buffer overflow vulnerability was discovered in vips, a fast image processing library designed with efficiency in mind, which may result in denial of service (application crash) if a specially crafted TIFF image file is processed.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the stable distribution (bookworm), these problems have been fixed in
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a bypass of sandbox restrictions.
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails.
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails.
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails.
Juray Sarinay discovered that PDF documents signed with the adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice, which could cause invalid signatures to be accepted as legitimate.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities were discovered in the Erlang/OTP implementation of the SSH protocol, which may result in denial of service or the execution of arbitrary code.
Two vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
It was discovered that mod_auth_openidc, an OpenID Certified authentication and authorization module for the Apache HTTP server that implements the OpenID Connect Relying Party functionality, was susceptible to information disclosure in some configurations
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Nathan Mills discovered a heap-based buffer overflow vulnerability in the implementation of the Perl programming language when transliterating non-ASCII bytes with tr///, which may result in denial of service, or potentially the execution of arbitrary code.
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54551
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
A cross-site scripting vulnerability has been discovered in Lemonldap::NG, a Web-SSO system compatible with OpenID-Connect, CAS and SAML, when using the “Choice” module: it allows HTML code to be introduced into the login page and if the default Content-Security-Policy headers
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling, cache poisoning or incomplete dropping of privileges.
Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities, which may lead to denial of service (application crash) or the execution of arbitrary code.
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled
Jetty 9 is a Java-based web server and servlet engine. Several security vulnerabilities have been discovered which may allow remote attackers to cause a denial of service by repeatedly sending crafted requests which can trigger OutOfMemory errors and exhaust the server’s memory.
Debian: DSA-5892-1: atop
It was discovered that Atop, a monitor tool for system resources and process activity, always tried to connect to the port of atopgpud (an additional daemon gathering GPU statistics not shipped in Debian) while performing insufficient sanitising of the data read from this
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.