Debian ≫ Debian Linux

python-requests-Kerberos through 0.5 does not handle mutual authentication

ZF2014-03 has a potential cross site scripting vector in multiple view helpers

imagemagick 6.8.9.6 has remote DOS via infinite loop

read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

duplicity 0.6.24 has improper verification of SSL certificates

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

mcollective has a default password set at install

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users...

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti ...