Debian LTS Essential and Critical Security Patch Updates - Page 38
Two vulnerabilities were found in lemonldap-ng, an OpenID-Connect, CAS and SAML compatible Web-SSO system, that could result in information disclosure or impersonation.
A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which allowed unsafe SOCKS4 traffic to pass.
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Multiple issues were found in modsecurity-apache, an open source, cross-platform web application firewall (WAF) engine for Apache, which could allow remote attackers to bypass the application firewall or have other unspecified impact.
Two vulnerabilities were discovered in Git, a distributed revision control system. An attacker may trigger code execution in specific situations.
Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For Debian 10 buster, this problem has been fixed in version
Multiple issues were found in libde265, an open source implementation of the H.265 video codec, which may result in denial of service or have unspecified other impact.
Multiple vulnerabilities were found in trafficserver, a caching proxy server. CVE-2021-37150
Multiple vulnerabilities were found in tiff, a library and tools providing support for the Tag Image File Format (TIFF), leading to denial of service (DoS) and possibly local code execution.
Powerline Gitstatus, a status line plugin for the VIM editor, allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory
Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was susceptible to denial of service via recursive XML entity expansion.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852
It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.
Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments
A Regular Expression Denial of Service (ReDoS) vulnerability was found in node-minimatch, a Node.js module used to convert glob expressions into RegExp objects, which could result in Denial of Service when calling the `braceExpand()` function with specific arguments.
menglong2234 discovered NULL pointer exceptions in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service.
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.