Debian ≫ Debian Linux

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, addi...

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

OpenStack nova base images permissions are world readable

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0