Security
Headlines
HeadlinesLatestCVEs

Tag

#debian

Debian Security Advisory 5331-1

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

Packet Storm
#vulnerability#linux#debian#dos#js#java
Debian Security Advisory 5330-1

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

Debian Security Advisory 5328-1

Debian Linux Security Advisory 5328-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5329-1

Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVE-2018-25078: root privilege escalation through setuid executable and cron job

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)

Debian Security Advisory 5327-1

Debian Linux Security Advisory 5327-1 - Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure.

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

Debian Security Advisory 5325-1

Debian Linux Security Advisory 5325-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to SQL injection attacks, or bypass authorization access.

CVE-2023-22617: Changelogs for 4.8.X — PowerDNS Recursor documentation

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.