35 matches found
DEBIAN-CVE-2025-40293
In the Linux kernel, the following vulnerability has been resolved: iommufd: Don't overflow during division for dirty tracking. If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow to 0 and this triggers divide by 0. In this case the index should just be 0, so reorganize things to...
DEBIAN-CVE-2022-49055
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array. As the kmalloc_array may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array t...
[SECURITY] [DSA 5859-1] chromium security update
Debian Security Advisory DSA-5859-1 [email protected] https://www.debian.org/security/ Andres Salomon February 05, 2025 https://www.debian.org/security/faq -...
DEBIAN-CVE-2024-55605
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor...
DEBIAN-CVE-2024-46723
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode may out-of-bounds...
DEBIAN-CVE-2024-46687
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in...
[SECURITY] [DLA 3834-1] netty security update
Debian LTS Advisory DLA-3834-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 21, 2024 https://wiki.debian.org/LTS Package : netty Version : 1:4.1.33-1+deb10u5 CVE ID : CVE-2024-29025 Debian Bug : 1068110 Julien Viet discovered that Netty, a Java NIO...
[SECURITY] [DSA 5717-1] php8.2 security update
Debian Security Advisory DSA-5717-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 20, 2024 https://www.debian.org/security/faq -...
DEBIAN-CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free...
DEBIAN-CVE-2022-2831
A flaw was found in Blender 3.3.0. An integer overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption...
DEBIAN-CVE-2021-46051
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service...
Debian DLA-2696-1 : libjdom2-java - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2696 advisory. It was discovered that there was an XML External Entity (XXE) issue in libjdom2-java, a library for reading and manipulating XML documents. Attackers could have caused a deni...
DEBIAN-CVE-2020-35494
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils...
DEBIAN-CVE-2020-11985
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
Debian DLA-2103-1 : debian-security-support update: libqb and mysql-5.5 end
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently reported vulnerability against libqb which allows users to overwrite arbitrary files via a symlink attack cannot be...
DEBIAN-CVE-2017-8809
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability...
DEBIAN-CVE-2017-7868
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32 function...
DEBIAN-CVE-2017-6501
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference...
DEBIAN-CVE-2014-1474
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address...
DEBIAN-CVE-2012-0064
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...