CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

[SECURITY] [DLA 2603-1] libmediainfo security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2603-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 23, 2021 https://wiki.debian.org/LTS -...

CVE-2020-5238

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes On n time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project...

CVE-2019-20202

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault...

CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process...

CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

[SECURITY] [DLA 1395-1] php-horde-image security update

Package : php-horde-image Version : 2.1.0-4+deb8u1 CVE IDs : CVE-2017-9774 CVE-2017-14650 Debian Bugs : 865505 876400 It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde https://www.horde.org/ groupware tool:...

CVE-2018-12422

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

CVE-2017-11537

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception FPE in the WritePALMImage function in coders/palm.c, related to an incorrect bits-per-pixel calculation...

CVE-2017-5616

Cross-site scripting XSS vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter...

[SECURITY] [DLA 795-1] hesiod security update

Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athenas DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...

CVE-2016-9913

Memory leak in the v9fsdeviceunrealizecommon function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local privileged guest OS users to cause a denial of service host memory consumption and possibly QEMU process crash via vectors involving the order of resource cleanup...

CVE-2016-4069

Cross-site request forgery CSRF vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service disk consumption via unspecified vectors...

CVE-2016-3994

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service application crash or obtain sensitive information via a crafted image, which triggers an out-of-bounds read...

[SECURITY] [DLA 91-1] tomcat6 security update

Package : tomcat6 Version : 6.0.41-2+squeeze5 CVE ID : CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 Debian Bugs : 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818 692440 695250 713796 717279 This is an upgrade from tomcat...

CVE-2013-6887

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors...