Debian ≫ Debian Linux

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access t...

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

atop: symlink attack possible due to insecure tempfile handling

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

liboping 1.3.2 allows users reading arbitrary files upon the local system.

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

gri before 2.12.18 generates temporary files in an insecure way.