Tag
#debian
Debian Linux Security Advisory 5466-1 - It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.
Debian Linux Security Advisory 5464-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass.
Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.
CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.
Coupons CMS version 4.00 suffers from an open redirection vulnerability.
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. ### References - https://nvd.nist.gov/vuln/detail/CVE-2022-40149 - https://github.com/jettison-json/jettison/issues/45 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 - https://github.com/jettison-json/jettison/pull/49/files - https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1 - https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html - https://www.debian.org/security/2023/dsa-5312
City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.
Debian Linux Security Advisory 5463-1 - A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments.
Debian Linux Security Advisory 5462-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.
Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.