Debian ≫ Debian Linux

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.

A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

python-docutils allows insecure usage of temporary files

burn allows file names to escape via mishandled quotation marks

Mumble: murmur-server has DoS due to malformed client query

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after...