521 matches found
Debian: Security Advisory (DLA-1537-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1784)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2271-1 : coturn security update
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client an attacker could use their connection to intelligently query coturn to get interesting bytes in the...
Debian: Security Advisory (DLA-2266-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2262-1 : qemu security update
Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983 slirp: Fix use-after-free in ipreass. CVE-2020-13361 es1370transferaudio in hw/audio/es1370.c allowed guest OS users to trigger an out-of-bounds access during an es1370write operation. CVE-2020-13362...
Debian: Security Advisory (DLA-2258-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2260-1 : mcabber security update
It was discovered that there was a 'roster push attack' in mcabber, a console-based Jabber XMPP client. This is identical to CVE-2015-8688 for gajim. For Debian 8 'Jessie', this problem has been fixed in version 0.10.2-1+deb8u1. We recommend that you upgrade your mcabber packages. NOTE: Tenable...
[SECURITY] [DLA 2260-1] mcabber security update
Package : mcabber Version : 0.10.2-1+deb8u1 CVE ID : CVE-2016-9928 It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber XMPP client. This is identical to CVE-2015-8688 for gajim. For Debian 8 "Jessie", this problem has been fixed in version 0.10.2-1+deb8u1. W...
[SECURITY] [DLA 2255-1] libtasn1-6 security update
Package : libtasn1-6 Version : 4.2-3+deb8u4 CVE ID : CVE-2017-10790 A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. For Debian 8 "Jessie", this problem...
Debian DLA-2254-1 : alpine security update
CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. For Debian 8...
Debian DLA-2251-1 : rails security update
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...
Debian DLA-2252-1 : ngircd security update
It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat IRC server. For Debian 8 'Jessie', this issue has been fixed in ngircd version 22-2+deb8u1. We recommend that you upgrade your ngircd packages. NOTE: Tenable...
Debian DLA-2253-1 : lynis security update
It was discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. For Debian 8 'Jessie', this issue has been fixed in lynis version 1.6.3-1+deb8u1. We recommend th...
Debian DLA-2247-1 : thunderbird security update
Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code. For Debian 8 'Jessie', these problems have been fixed in version 1:68.9.0-1deb8u2. NOTE: 1:68.9.0esr-1deb8u...
Debian: Security Advisory (DLA-2247-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2246-1] xawtv security update
Package : xawtv Version : 3.103-3+deb8u1 CVE ID : CVE-2020-13696 Debian Bug : 962221 An issue was discovered in LinuxTV xawtv before 3.107. The function devopen in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem...
[SECURITY] [DLA 2233-2] python-django regression update
Package : python-django Version : 1.7.11-1+deb8u10 CVE ID : CVE-2020-13254 It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some...
Debian: Security Advisory (DLA-2240-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2243-1] firefox-esr security update [REVISED]
Package : firefox-esr Version : 68.9.0esr-1deb8u2 CVE ID : CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic...
[SECURITY] [DLA 2240-1] bluez security update
Package : bluez Version : 5.43-2+deb9u2deb8u1 CVE ID : CVE-2020-0556 Debian Bug : 953770 It was reported that the BlueZs HID and HOGP profile implementations dont specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target...