Critical
CVSS: 9.8
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the ups…
High
CVSS: 8.2
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving t…
Low
CVSS: 3.9
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Critical
CVSS: 9.8
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Critical
CVSS: 9.8
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Critical
CVSS: 9.8
pdns, specifically as packaged in Debian in versions before 3.3.1-1, creates an overly privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are…
Medium
CVSS: 5.6
Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.
High
CVSS: 7.0
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free in cifs_fill_dirent
There is a race condition in the readdir concurrency process, which may
access the rsp buffer after it has been releas…
High
CVSS: 7.8
In the Linux kernel, the following vulnerability has been resolved:
mm/khugepaged: fix ->anon_vma race
If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires
it to be locked.
Page table traversal is allowed under any o…