Debian LTS: DLA-3291-1: node-object-path security update
It was discovered that node-object-path, a Node.js module to access deep object properties using dot-separated paths, was vulnerable to prototype pollution.
Two vulnerabilities were found in dojo, a modular JavaScript toolkit, that could result in information disclosure. CVE-2020-4051
Crafted arguments to a function could lead to an unchecked return value and a null pointer dereference.
Several vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
Two vulnerabilities were found in lemonldap-ng, an OpenID-Connect, CAS and SAML compatible Web-SSO system, that could result in information disclosure or impersonation.
A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which resulted in unsafe SOCKS4 traffic being allowed to pass.
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Multiple issues were found in modsecurity-apache, an open source, cross-platform web application firewall (WAF) engine for Apache, which allow remote attackers to bypass the application firewall and have other unspecified impact.