Debian ≫ Debian Linux

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself,...

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by...

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Dump Servlet information leak in jetty before 6.1.22.

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.