Debian ≫ Debian Linux

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

liboping 1.3.2 allows users reading arbitrary files upon the local system.

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

gri before 2.12.18 generates temporary files in an insecure way.

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.