2119 matches found
Debian Security Advisory DSA 3398-1 (strongswan - security update)
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without...
Debian Security Advisory DSA 3392-1 (freeimage - security update)
Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image. OpenVAS Vulnerability Test $Id: deb3392.nasl 6609...
Debian Security Advisory DSA 3385-1 (mariadb-10.0 - security update)
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes...
CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...
Vulnerabilities in the Debian GNU/Linux operating system that allow attackers to compromise security of information
The multiple vulnerabilities of the ibfillisqlda function in the DBD-Firebird database driver for the Debian GNU/Linux operating system are caused by a buffer overflow in the stack. Exploitation of these vulnerabilities could allow an attacker to compromise security measures...
Debian Security Advisory DSA 3384-1 (virtualbox - security update)
Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. OpenVAS Vulnerability Test $Id: deb3384.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3384-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c...
Debian Security Advisory DSA 3370-1 (freetype - security update)
It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service crash via crafted font files. OpenVAS Vulnerability Test $Id: deb3370.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3370-1 usi...
Debian DSA-3367-1 : wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 3368-1 (cyrus-sasl2 - security update)
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service. OpenVAS Vulnerability Test $Id: deb3368.nasl 6609...
Debian Security Advisory DSA 3363-1 (owncloud-client - security update)
Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client-side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the use...
Debian Security Advisory DSA 3353-1 (openslp-dfsg - security update)
Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service crash. OpenVAS Vulnerability Test $Id: deb3353.nasl 7739 2017-11-13 05:04:18Z teissa $ Auto-generated from...
Debian DLA-296-1 : extplorer security update
Multiple cross-site scripting XSS vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...
Debian DSA-3340-1 : zendframework - security update
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. %NASLMINLEVEL 70300 C...
Debian Security Advisory DSA 3340-1 (zendframework - security update)
Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. OpenVAS Vulnerability...
Debian Security Advisory DSA 3334-1 (gnutls28 - security update)
Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName DN entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause t...
The vulnerability of the Debian GNU/Linux operating system, which allows a perpetrator to gain access to protected information
The vulnerability of the bufferslowrealign function in the HAProxy package for the Debian GNU/Linux operating system arises due to overflow in the buffer in dynamic memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information throu...
Debian Security Advisory DSA 3327-1 (squid3 - security update)
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cachepeer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a...
The vulnerability of the Debian GNU/Linux operating system allows a perpetrator to execute arbitrary code or cause service interruptions.
The vulnerability of the WriteProlog function in the printing subsystem of the Debian GNU/Linux operating system is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by using a specially crafted...
Debian Security Advisory DSA 3319-1 (bind9 - security update)
Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit. OpenVAS Vulnerability Test $Id:...
Debian Security Advisory DSA 3316-1 (openjdk-7 - security update)
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. OpenVAS Vulnerability Test $Id: deb3316.nasl 660...