Debian LTS Essential and Critical Security Patch Updates - Page 37
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing. For Debian 10 buster, these problems have been fixed in version
It was discovered that there was a potential Denial of Service (DoS) vulnerability in Django, a popular Python-based web development framework.
Several vulnerabilities have been fixed in the libstb library. CVE-2018-16981
A couple of vulnerabilities were reported against ruby-git, a Ruby interface to the Git revision control system, that could lead to command injection and execution of arbitrary Ruby code by having a user load a repository containing a specially crafted filename
An issue was discovered in Nova, an OpenStack project that provides a way to provision compute instances (aka virtual servers). By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy
An issue was discovered in OpenStack Cinder, a Block Storage service for OpenStack. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the
An issue was discovered in Glance, OpenStack Image Registry and Delivery Service - Daemons. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the
Nathanael Braun and Johan Brissaud discovered a prototype poisoning vulnerability in node-qs, a Node.js module to parse and stringify query strings. node-qs 6.5.x before 6.5.3 allows, for instance, the creation of array-like objects by setting an Array in the `__proto__` property; the
Several vulnerabilities, including a directory traversal vulnerability and a ReDoS vulnerability, were found in ruby-rack, a modular Ruby webserver interface.
processCropSelections in tools/tiffcrop.c in LibTIFF, the Tag Image File Format (TIFF) library and tools, has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
HTML::StripScripts, a module for removing scripts from HTML, allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A couple of vulnerabilities were reported as follows:
An issue has been found in libarchive, a multi-format archive and compression library. Due to missing checks after calloc, null pointer dereferences might
Multiple issues were found in modsecurity-crs, a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls, which allow remote attackers to bypass the web application firewall.
Missing message length and attributes length checks when handling STUN packets have been fixed in sofia-sip, a SIP (Session Initiation Protocol) User-Agent library.
It was discovered that node-object-path, a Node.js module to access deep object properties using dot-separated paths, was vulnerable to prototype pollution.
Two vulnerabilities were found in dojo, a modular JavaScript toolkit, that could result in information disclosure. CVE-2020-4051
Crafted arguments to a function could lead to an unchecked return value and a null pointer dereference.
Several vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.