29 matches found
Debian DSA-4168-1 : squirrelmail - security update
Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment. C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-4154-1 : net-snmp - security update
A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process causing a denia...
Debian DSA-4153-1 : firefox-esr - security update
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4153. The text itself is copyright C Softwar...
Debian DSA-4098-1 : curl - security update
Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn't affect the oldstable distribution jessie. - CVE-2018-1000007 Craig de Stigter discovered that...
Debian DSA-4094-1 : smarty3 - security update
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-4092-1 : awstats - security update
The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-4022-1 : libreoffice - security update
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian DSA-3990-1 : asterisk - security update
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for additional details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Debian DSA-3950-1 : libraw - security update
Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS Denial of Service with craft KDC or TIFF file. %NASLMINLEVEL 70300 C Tenable Network Security,...
Debian DSA-3937-1 : zabbix - security update
Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Debian DSA-3924-1 : varnish - security update
A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process. See https://varnish-cache.org/security/VSV00001.html for detail...
Debian DSA-3911-1 : evince - security update
Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives CBT. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. %NASLMINLEVEL 70300 C Tenable Network Security...
Debian DSA-3857-1 : mysql-connector-java - security update
Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3857. The text itself is copyright C Software in the Public...
Debian DSA-3846-1 : libytnef - security update
Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat...
Debian DSA-3840-1 : mysql-connector-java - security update
Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code. For additional details, please refer to the advisory at https://www.computest.nl/advisories/CT-2017-0425MySQL-Connector-J.txt...
Debian DSA-3822-1 : gstreamer1.0 - security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3800-1 : libquicktime - security update
Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...
Debian DSA-3778-1 : ruby-archive-tar-minitar - security update
Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. dot do...
Debian DSA-3777-1 : libgd2 - security update
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-3771-1 : firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...