Security
Headlines
HeadlinesLatestCVEs

Tag

#debian

CVE-2021-45082: Releases · cobbler/cobbler

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

CVE
Open in Source
#web#mac#windows#ubuntu#linux#debian#js#git
CVE-2021-40841: Changelog

A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server.

CVE-2022-0543: #1005787 - redis: CVE-2022-0543 - Debian Bug report logs

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVE-2022-0543: #1005787 - redis: CVE-2022-0543 - Debian Bug report logs

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVE-2021-3578: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug | The GitHub Blog

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

CVE-2021-3578: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug | The GitHub Blog

A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

CVE-2021-20001: etc/apache2/mods-available/debian-edu-userdir.conf: Disable built-in PHP engine. (4d39a588) · Commits · Debian Edu / debian-edu-config

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

CVE-2022-0530: SIGSEGV during the conversion of an utf-8 string to a local string

A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0529: Heap out-of-bound writes and reads during conversion of wide string to local string

A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of wide string to local string that leads to a heap of out-of-bound writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-23378: GitHub - TheGetch/CVE-2022-23378

A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.