Debian ≫ Debian Linux

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

libuser has information disclosure when moving user's home directory

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of servi...

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafte...