Debian LTS Essential and Critical Security Patch Updates - Page 94
Find the information you need for your favorite open source distribution.
Multiple issues were found in gpac, a multimedia framework featuring the MP4Box muxer. CVE-2018-21015
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests
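The failure mode described above, as an added illustration in Python (not excon's code): a request times out, the slow server's answer later lands on the still-open keep-alive socket, and the next request on that reused connection is handed the stale response. The socketpair, the two responses and the `second_request_body` helper are constructed for this example; the remedy shown is the one the advisory implies, dropping an interrupted connection instead of returning it to the pool.

```python
import socket

# Constructed keep-alive responses standing in for a slow HTTP server.
RESPONSE_A = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nAA"
RESPONSE_B = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nBB"


def read_response(sock):
    """Read one response framed by Content-Length and return its body."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    head, body = buf.split(b"\r\n\r\n", 1)
    length = 0
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    while len(body) < length:
        body += sock.recv(length - len(body))
    return body[:length]


def second_request_body(discard_on_timeout):
    """Issue /a (which times out) and then /b over a persistent connection.

    Returns the body the caller receives for /b. With discard_on_timeout=False
    the connection is reused after the timeout, so the late answer to /a is
    what the /b caller gets back. With True the interrupted connection is
    closed and a fresh one opened, so /b receives its own response.
    """
    client, server = socket.socketpair()
    client.settimeout(0.05)

    client.sendall(b"GET /a HTTP/1.1\r\n\r\n")
    server.recv(4096)
    try:
        read_response(client)            # server is slow; the client gives up
    except socket.timeout:
        if discard_on_timeout:
            client.close()
            server.close()
            client, server = socket.socketpair()   # new connection for /b
            client.settimeout(1.0)

    # The slow server eventually answers /a. On a reused socket those bytes
    # are still queued when the next request goes out.
    if not discard_on_timeout:
        server.sendall(RESPONSE_A)

    client.sendall(b"GET /b HTTP/1.1\r\n\r\n")
    server.recv(4096)
    server.sendall(RESPONSE_B)
    body = read_response(client)
    client.close()
    server.close()
    return body
```

The reused-socket path returns `AA` for a request that should have produced `BB`; any client that keeps a connection after an exception mid-response needs the same discard rule, regardless of library.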
It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 "Jessie", this issue has been fixed in cacti version
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
In debian-lan-config before 0.26, overly permissive ACLs configured for the Kerberos admin server allowed users to change the passwords of other Kerberos user principals.
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid
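The flaw class above, as an added Python/SQLite illustration that is not phpMyAdmin code: a page that looks up the caller's own account by pasting the account name into the statement can be driven by a user whose name itself carries SQL. The table, its rows and the account named `MALICIOUS_NAME` are constructed for the example; the attacker holds a valid login for that account and nothing more.

```python
import sqlite3

# A hypothetical account whose *name* contains a tautology. The attacker needs
# a valid login for this account, not any privilege over the other rows.
MALICIOUS_NAME = "alice' OR '1'='1"


def make_user_table():
    """Constructed sample data standing in for a user/privilege table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, host TEXT, privileges TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "localhost", "SELECT"),
         ("bob", "localhost", "ALL"),
         ("root", "localhost", "ALL"),
         (MALICIOUS_NAME, "localhost", "USAGE")],
    )
    return conn


def own_account_vulnerable(conn, username):
    """Looks up the caller's account by interpolating the name into the SQL."""
    sql = "SELECT username, privileges FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def own_account_fixed(conn, username):
    """Same lookup with a bound parameter: the name is data, never SQL text."""
    sql = "SELECT username, privileges FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()
```

With the malicious name the interpolated query becomes `WHERE username = 'alice' OR '1'='1'` and returns every row, including root's grants; the parameterised version returns only the attacker's own row.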
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix
An input sanitization bypass was discovered in WordPress, a popular content management framework. An attacker can use this flaw to send malicious scripts to an unsuspecting user.
Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for
It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project, incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.
It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.
It was found that certain cryptographic primitives in nss, the Network Security Services libraries, did not check the length of the input text. This could result in a heap-based buffer overflow.
It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: * CVE-2019-19911: Prevent a denial-of-service vulnerability caused
It was discovered that there was an HTTP request smuggling vulnerability in waitress, a pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request
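Request smuggling depends on a front-end proxy and a back-end server disagreeing about where one request's body ends. The check below is an added Python example, not waitress code, of the framing rules a server behind a proxy has to enforce strictly: reject a message that carries both Content-Length and Transfer-Encoding, reject Transfer-Encoding values other than a lone `chunked`, reject conflicting Content-Length headers, and reject field names that are not valid tokens (such as a name followed by a space before the colon). The `classify_framing` and `is_ambiguous` functions and the sample requests are constructed for this example.

```python
import re

# RFC 7230 token characters; a field name with whitespace or other junk
# before the colon is not a valid name and must not be "helpfully" accepted.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def classify_framing(raw):
    """Decide how a raw HTTP/1.1 request delimits its body.

    Returns "content-length", "chunked" or "none". Raises ValueError for any
    framing that two parsers could read differently, which is exactly the
    precondition for smuggling a second request past a front-end proxy.
    """
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    content_lengths, transfer_encodings = [], []
    for line in lines[1:]:                       # lines[0] is the request line
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding is not accepted")
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name):
            # e.g. "Transfer-Encoding : chunked": some parsers drop the
            # header, others honour it, so the two sides disagree
            raise ValueError("malformed header field name")
        name = name.lower()
        value = value.strip(b" \t")
        if name == b"content-length":
            content_lengths.append(value)
        elif name == b"transfer-encoding":
            transfer_encodings.append(value)

    if transfer_encodings:
        if content_lengths:
            raise ValueError("both Transfer-Encoding and Content-Length present")
        codings = [c.strip(b" \t").lower()
                   for v in transfer_encodings for c in v.split(b",")]
        if codings != [b"chunked"]:
            # "xchunked", "chunked, identity", "chunked\x0b" and similar are
            # treated as chunked by some implementations and ignored by others
            raise ValueError("unsupported Transfer-Encoding: %r" % codings)
        return "chunked"
    if content_lengths:
        if len(set(content_lengths)) != 1 or not content_lengths[0].isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        return "content-length"
    return "none"


def is_ambiguous(raw):
    """True when the request must be refused rather than forwarded or parsed."""
    try:
        classify_framing(raw)
        return False
    except ValueError:
        return True


# Constructed sample requests.
CLEAN_CL = b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\n\r\nhello"
CLEAN_TE = b"POST / HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
CL_AND_TE = (b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 6\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nG")
ODD_TE = b"POST / HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: xchunked\r\n\r\n"
SPACED_NAME = b"POST / HTTP/1.1\r\nHost: x\r\nTransfer-Encoding : chunked\r\n\r\n"
DOUBLE_CL = b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\nhello"
```

Strictness is the point: a proxy that normalises these cases while the origin server tolerates them (or the reverse) is what lets the trailing `G` in `CL_AND_TE` become the start of a request the proxy never saw.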
It was discovered that the fix to address an ECDSA timing attack in the libgcrypt20 cryptographic library was incomplete. For Debian 8 "Jessie", this issue has been fixed in libgcrypt20
An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents that sit in a queue for which the attacker has no permissions.
Multiple buffer overflows have been fixed in jhead, a program to manipulate the non-image part of Exif compliant JPEG files. For Debian 8 "Jessie", these problems have been fixed in version
An issue has been found in igraph, a library for creating and manipulating graphs. A NULL pointer dereference vulnerability was detected in