Find the information you need for your favorite open source distribution .
A command injection vulnerability was found in FreeCAD, a parametric 3D modeler, when importing DWF files with crafted filenames. For Debian 9 stretch, this problem has been fixed in version
Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version
Several issues have been found in tiff, a library and tools to manipulate and convert files in the Tag Image File Format (TIFF). CVE-2022-22844
It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage
An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message. For Debian 9 stretch, this problem has been fixed in version
One issue have been discovered in ujson: ultra fast JSON encoder and decoder for Python. CVE-2021-45958
Several issues have been found in htmldoc, an HTML processor that generates indexed HTML, PS, and PDF.
It was discovered that Twisted, a Python event-based framework for internet applications, is affected by HTTP request splitting vulnerabilities, and may expose sensitive data when following redirects. An attacker may bypass validation checks and retrieve
It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch
This security updates includes two fixes, backported respectively from Drupal version 7.87 and 7.88: - Fix a regression caused by Query ui position() backport in version
Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through
It was found that PgBouncer, a PostgreSQL connection pooler, was susceptible to an arbitrary SQL injection attack if a man-in-the-middle could inject data when a connection using certificate authentication is established.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version
James Kettle discovered that a request smuggling attack can be performed on HTTP/1 connections on Varnish servers, high-performance web accelerators. The smuggled request would be treated as an additional request by the Varnish server which may lead to information disclosure and cache poisoning.
Two issues have been discovered in python2.7: CVE-2021-3177
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
Several issues were found in ConnMan, a connection manager for embedded devices, that could cause denial of service via service crash or excessive CPU usage.
xterm, an X terminal emulator, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
