2114 matches found
Debian Security Advisory DSA 3903-1 (tiff - security update)
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb3903.nasl 6682 2017-07-12 09:00:18Z cfischer $ Auto-generated from advisory DSA 3903-1 using...
Debian DSA-3891-1 : tomcat8 - security update
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacemen...
Debian DSA-3895-1 : flatpak - security update
It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian Security Advisory DSA 3893-1 (jython - security update)
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. OpenVAS Vulnerability Test $Id: deb3893.nasl 6782 2017-07-2...
Debian DSA-3890-1 : spip - security update
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Debian Security Advisory DSA 3890-1 (spip - security update)
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution. OpenVAS Vulnerability Test $Id: deb3890.nasl 6607...
Debian Security Advisory DSA 3888-1 (exim4 - security update)
The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. OpenVAS Vulnerability Test $Id: deb3888.nasl 6618 2017-07-07 14:17:52Z cfischer $ Auto-generate...
Debian Security Advisory DSA 3884-1 (gnutls28 - security update)
Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash denial of service. OpenVAS Vulnerability Test $Id: deb3884.nasl 660...
Debian Security Advisory DSA 3878-1 (zziplib - security update)
Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. OpenVAS Vulnerability Test $Id: deb3878.nasl 6607 2017-07-07 12:04:25Z...
Debian Security Advisory DSA 3869-1 (tnef - security update)
It was discovered that tnef, a tool used to unpack MIME attachments of type OpenVAS Vulnerability Test $Id: deb3869.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3869-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2017 Greenbo...
Debian DSA-3869-1 : tnef - security update
It was discovered that tnef, a tool used to unpack MIME attachments of type 'application/ms-tnef', did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash...
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3864-1 : fop - security update
It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3864. Th...
Debian Security Advisory DSA 3868-1 (openldap - security update)
Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend. OpenVAS Vulnerability Test $Id: deb3868.nasl 6607 2017-07-07 12:04:25Z cfische...
Debian DSA-3865-1 : mosquitto - security update
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3865. The text itself is copyright C Software in t...
Debian DSA-3861-1 : libtasn1-6 - security update
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into...
Debian Security Advisory DSA 3861-1 (libtasn1-6 - security update)
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into...
Debian Security Advisory DSA 3858-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography. OpenVAS Vulnerability Test $Id: deb3858.nasl 6607 2017-07-07 12:04:25Z cfischer ...
Debian Security Advisory DSA 3855-1 (jbig2dec - security update)
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file usually embedded in a PDF document is opened. OpenVAS Vulnerability Test...
Debian Security Advisory DSA 3857-1 (mysql-connector-java - security update)
Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. OpenVAS Vulnerability Test $Id: deb3857.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3857-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2017 Greenbone...