It was discovered that the Nullsoft Scriptable Install System (NSIS) before version 3.09 mishandles access control for the uninstaller directory.…
debian-archive-keyring is a package containing GnuPG archive keys of the Debian archive. New GPG-keys are being constantly added with every new Debian release. For Debian 10 buster, GPG-keys for 12/bullseye Debian release are added…
An out-of-bounds read was found in sctp_load_addresses_from_init. For Debian 10 buster, this problem has been fixed in version 0.9.3.0+20190127-2+deb10u1.…
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.…
Two denial of service vulnerabilities have been discovered in golang-yaml.v2, a library which provides YAML support for the Go language.…
A memory leak has been found in yajl, a JSON parser / small validating JSON generator written in ANSI C, which might allow an attacker to cause an out-of-memory situation and potentially cause a crash.…
Several vulnerabilities were fixed in the Python3 interpreter. CVE-2015-20107…
An issue has been found in cups, the Common UNIX Printing System(tm). Due to a use-after-free bug an attacker could cause a denial-of-service. In case of having access to the log files, an attacker could also…
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. CVE-2022-47184…
A buffer overrun in format_timespan() has been fixed in systemd, the default init system in Debian. Additionally, fixes for getting property OnExternalPower via D-Bus…
A flaw was found in the '/v2/_catalog' endpoint in 'distribution/distribution', which accepts a parameter to control the maximum number of records returned (query string: 'n'). This vulnerability allows a malicious user to…
Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library: CVE-2023-31130…
Missing input validation in various functions provided by libx11, the X11 client-side library, may have resulted in denial of service.…
In OWSLib, a Python client library for Open Geospatial web services, the XML parser did not disable entity resolution which could lead to arbitrary file reads from an attacker-controlled XML payload.…
Issues were found in lua5.3, a powerful, light-weight programming language designed for extending applications, which may result in denial of service.…
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input…
Avahi, a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery, was affected by a denial of service. The event used to signal the termination of the client connection on the avahi Unix socket is not…
A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.…