2115 matches found
Debian Security Advisory DSA 3855-1 (jbig2dec - security update)
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened. OpenVAS Vulnerability Test...
Debian DSA-3850-1 : rtmpdump - security update
Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3848-1 : git - security update
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian Security Advisory DSA 3848-1 (git - security update)
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. OpenVAS Vulnerability Test $Id: deb3848.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3848-1...
Debian Security Advisory DSA 3845-1 (libtirpc - security update)
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings). OpenVAS Vulnerability Test $Id: deb3845.nasl 6607 2017-07-07...
Debian DSA-3825-1 : jhead - security update
It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability, which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed...
Debian Security Advisory DSA 3823-1 (eject - security update)
Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. OpenVAS Vulnerability Test $Id: deb3823.nasl 6607 2017-07-0...
Debian Security Advisory DSA 3821-1 (gst-plugins-ugly1.0 - security update)
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. OpenVAS Vulnerability Test $Id: deb3821.nasl 6607 2017-07-07 12:04:25Z cfisch...
Debian Security Advisory DSA 3819-1 (gst-plugins-base1.0 - security update)
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. OpenVAS Vulnerability Test $Id: deb3819.nasl 6607 2017-07-07 12:04:25Z cfisch...
Debian Security Advisory DSA 3814-1 (audiofile - security update)
Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed. OpenVAS Vulnerability Test $Id: deb3814.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DS...
Debian DSA-3812-1 : ioquake3 - security update
It was discovered that ioquake3, a modified version of the ioQuake3 game engine, performs insufficient restrictions on automatically downloaded content (pk3 files or game code), which allows malicious game servers to modify configuration settings including driver settings. %NASLMINLEVEL 70300 C Tenab...
Debian Security Advisory DSA 3811-1 (wireshark - security update)
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code. OpenVAS Vulnerability Test...
Debian DSA-3801-1 : ruby-zip - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. %NASLMINLEVEL 70300 C...
Debian Security Advisory DSA 3797-1 (mupdf - security update)
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened. OpenVAS Vulnerability Test $Id: deb3797.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3797-1...
Debian: Security Advisory (DSA-3791-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 3786-1 (vim - security update)
Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb3786.nasl 6607 2017-07-07...
Debian DSA-3784-1 : viewvc - security update
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian Security Advisory DSA 3777-1 (libgd2 - security update)
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. OpenVAS Vulnerability Test $Id: deb3777.nasl 6607 2017-07-...
Debian Security Advisory DSA 3771-1 (firefox-esr - security update)
Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation. OpenVAS Vulnerability Test $Id: deb3771.nasl 6607...
Debian Security Advisory DSA 3763-1 (pdns-recursor - security update)
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a...