2114 matches found
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system is related to improper handling of integer variables. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Debian DSA-4012-1 : libav - security update
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11 .11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
Debian DSA-4011-1 : quagga - security update
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment ASPATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-4004-1 : jackson-databind - security update
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. %NASLMINLEVEL 70300 C Tenable...
Debian DSA-3931-1 : ruby-rack-cors - security update
Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3931. The...
Debian DSA-3970-1 : emacs24 - security update
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian DSA-3965-1 : file - security update
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-3941-1 : iortcw - security update
A read buffer overflow was discovered in the idtech3 Quake III Arena family of game engines. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted packet. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-3935-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7546 In some authentication methods empty passwords were accepted. - CVE-2017-7547 User mappings could leak data to unprivileged users. - CVE-2017-7548 The loput function ignored ACLs. For more in-depth...
Debian DSA-3938-1 : libgd2 - security update
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...
Debian DSA-3928-1 : firefox-esr - security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of...
Debian DSA-3925-1 : qemu - security update
Multiple vulnerabilities were found in qemu, a fast processor emulator : - CVE-2017-9524 Denial of service in qemu-nbd server - CVE-2017-10806 Buffer overflow in USB redirector - CVE-2017-11334 Out-of-band memory access in DMA operations - CVE-2017-11434 Out-of-band memory access in SLIRP/DHCP...
Debian Security Advisory DSA 3923-1 (freerdp - security update)
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol RDP, contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client...
Debian Security Advisory DSA 3921-1 (enigmail - security update)
In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extention for Thunderbird, to version 1.9.8.1 to restore full compatibility. OpenVAS Vulnerability Test $Id: deb3921.nasl 6835 2017-08-02 12:55:28Z cfischer $ Auto-generated from advisory DSA...
Debian Security Advisory DSA 3922-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...
Debian Security Advisory DSA 3919-1 (openjdk-8 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification. OpenVA...
Debian Security Advisory DSA 3909-1 (samba - security update)
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus OpenVAS Vulnerability Test $Id: deb3909.nasl 6800 2017-07-26 06:58:22Z cfischer $ Auto-generated from advisory DSA...
Debian DSA-3905-1 : xorg-server - security update
Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3905. The tex...
Debian DSA-3903-1 : tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian Security Advisory DSA 3902-1 (jabberd2 - security update)
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration. OpenVAS Vulnerability Test $Id: deb3902.nasl 6757 2017-07-19 05:57:31Z cfischer $ Auto-generated from advisory DSA 3902-1 using nvtgen 1.0 Script version:...