Debian ≫ Debian Linux

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.