Find the information you need for your favorite open source distribution .
node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes.
A potential cross-site scripting (XSS) vulnerability was discovered in ruby-rails-html-sanitizer, a library to clean (or "sanitize") HTML for rendering within Ruby on Rails web applications.
When parsing files containing Nef polygon data, several memory access violations may happen. Many of these allow code execution. CVE-2020-28601
AWStats, a powerful and featureful web server log analyzer, allowed XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
There was a potential HTTP request smuggling vulnerability in http-parser, a popular library for parsing HTTP messages. For Debian 10 buster, this problem has been fixed in version
This update fixes two file format vulnerabilities in giflib. CVE-2018-11490
ranjit-git discovered an information leak vulnerability in node-fetch, a Node.js module exposing a window.fetch compatible API on Node.js runtime: the module was not honoring the same-origin-policy and upon following a redirect would leak cookies to the the target URL.
Cristian-Alexandru Staicu discovered a prototype pollution vulnerability in inode-cached-path-relative, a Node.js module used to cache (memoize) the result of path.relative.
ClamAV, an anti-virus utility for Unix, v0.103.7 is a critical patch release with the following fixes: * Fix logical signature "Intermediates" feature.
Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50, -autorot or -ce option. In addition a buffer overflow error in exif.c has been addressed which could lead to a denial
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This
g810-led, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
Mitsurugi Heishiro found out that in VLC, multimedia player and streamer, a potential buffer overflow in the vnc module could trigger remote code execution if a malicious vnc URL is deliberately played.
This update adds size checks to thumbnail extraction. Prior to these checks, it was possible to overflow arguments to e.g. malloc and thus cause out-of-bounds memory accesses.
It was discovered that there was a potential Denial of Service (DoS) attack against krb5, a suite of tools implementing the Kerberos authentication system. An integer overflow in PAC parsing could have been exploited if a cross-realm entity acted maliciously.
Two vulnerabilities were discovered gerbv, a Gerber file viewer. Most Printed Circuit Board (PCB) design programs can export data to a Gerber file.
It was discovered that there was a potential out-of-bounds read in the BGP daemon of frr, a set of tools to route internet traffic. For Debian 10 buster, this problem has been fixed in version
It was discovered that twisted, a framework for internet applications written in Python, was prone to an HTML injection when displaying the HTTP Host header in an error page.
It was discovered that ini4j, a Java library for handling the Windows ini file format, was vulnerable to a denial of service attack via the fetch() method in BasicProfile class, if an attacker provided a manipulated ini file.
Martin van Kervel Smedshammer discovered a request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
