Debian ≫ Debian Linux

WebApp JSP Snoop page XSS in jetty though 6.1.21.

Drupal versions 5.x and 6.x has open redirection

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

TYPO3 before 4.4.1 allows XSS in the frontend search box.

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.