Debian ≫ Debian Linux

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

TYPO3 before 4.4.1 allows XSS in the frontend search box.

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

gdm3 3.14.2 and possibly later has an information leak before screen lock

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.