511 matches found
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3869-1 : tnef - security update
It was discovered that tnef, a tool used to unpack MIME attachments of type 'application/ms-tnef', did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash...
Debian DSA-3867-1 : sudo - security update
The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse '/proc/pid/stat' to read the device number of the tty from field 7 ttynr. A sudoers user can take advantage of this flaw on an SELinux-enabled syst...
Debian DSA-3850-1 : rtmpdump - security update
Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
openSUSE Security Update : dpkg (openSUSE-2017-549)
This update for dpkg fixes the following issues : This security issue was fixed : - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
Debian DLA-931-1 : freetype security update
It was found that a malformed font could result in denial of service or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 2.4.9-1.1+deb7u7. We recommend that you upgrade your freetype packages. NOTE: Tenable Network Security has extracted the...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
Directory traversal
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
CVE-2017-8283 concerns dpkg-source in dpkg 1.3.0 through 1.18.23, which can invoke a non-GNU patch program and lacks protection for blank-indented diff hunks. This enables remote attackers to perform directory traversal via a crafted Debian source package, demonstrated by using dpkg-source on Net...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source...
SUSE SLED12 / SLES12 Security Update : dpkg (SUSE-SU-2017:1096-1)
This update for dpkg fixes the following issues: This security issue was fixed : - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
SUSE-SU-2017:1096-1 Security update for dpkg
This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
Debian DSA-3785-1 : jasper - security update
Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-3742-1 : flightgear - security update
It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Fedora Update for dpkg FEDORA-2016-5608472a90
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for dpkg FEDORA-2016-10ec03ed27
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for dpkg FEDORA-2016-0918477a60
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...