Debian DSA-3757-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy. (C) Tenable Network Security, Inc. The...
Debian Security Advisory DSA 3760-1 (ikiwiki - security update)
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646: Commit metadata forgery via CGI::FormBuilder context-dependent APIs; CVE-2016-10026: Editing restriction bypass for git revert; CVE-2017-0356: Authentication bypass via repeated parameters. Additional details on these...
Debian DSA-3755-1 : tomcat8 - security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian DSA-3754-1 : tomcat7 - security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian Security Advisory DSA 3756-1 (icoutils - security update)
Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed. OpenVAS Vulnerability Test. Auto-generated from advisory DSA 3756-1 using nvtgen 1.0. Script...
Debian Security Advisory DSA 3754-1 (tomcat7 - security update)
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. OpenVAS Vulnerability Test. Auto-generated from advisory DSA 3754-1 using nvtgen 1.0. Script...
Debian Security Advisory DSA 3755-1 (tomcat8 - security update)
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. OpenVAS Vulnerability Test. Auto-generated from advisory DSA 3755-1 using nvtgen 1.0. Script...
Debian Security Advisory DSA 3753-1 (libvncserver - security update)
It was discovered that libvncserver, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially...
Debian Security Advisory DSA 3750-1 (libphp-phpmailer - security update)
Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch...
Debian Security Advisory DSA 3752-1 (pcsc-lite - security update)
Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation. OpenVAS Vulnerability Test. Auto-generated from advisory DSA 3752-1 using nvtgen 1.0. Script...
Debian Security Advisory DSA 3751-1 (libgd2 - security update)
A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a...
Debian Security Advisory DSA 3749-1 (dcmtk - security update)
Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received from the network. This could lead to denial-of-service via application crash or arbitrary code execution. OpenVAS Vulnerability Tes...
Debian DSA-3742-1 : flightgear - security update
It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear. (C) Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3738-1 : tomcat7 - security update
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from...
Debian Security Advisory DSA 3741-1 (tor - security update)
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation. OpenVAS...
Debian DSA-3736-1 : libupnp - security update
Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices. - CVE-2016-6255 Matthew Garret discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application. - CVE-2016-8863 Scott Tenaglia discovered a heap...
Debian Security Advisory DSA 3738-1 (tomcat7 - security update)
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from...
Debian Security Advisory DSA 3736-1 (libupnp - security update)
Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices. CVE-2016-6255 Matthew Garret discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application. CVE-2016-8863 Scott Tenaglia discovered a heap buffer...
Debian Security Advisory DSA 3737-1 (php5 - security update)
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for mor...
Debian Security Advisory DSA 3733-1 (apt - security update)
Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files (clearsigned Release files), can ta...