Debian DSA-4782-1 : openldap - security update
A vulnerability in the handling of normalization with modrdn was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. © Tenab...
Debian DSA-4776-1 : mariadb-10.3 - security update
A security issue was discovered in the MariaDB database server. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4776. The text itself is copyright © Software in the Public Interest, Inc. ...
Debian DSA-4765-1 : modsecurity - security update
Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service. For additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/ © Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-4754-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4754...
Rails Action View Information Disclosure (CVE-2019-5418)
An information disclosure vulnerability exists in Debian Linux. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Debian DSA-4731-1 : redis - security update
An integer overflow flaw leading to a stack-based buffer overflow was discovered in redis, a persistent key-value database. A remote attacker can use this flaw to cause a denial of service (application crash). © Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)
A directory traversal vulnerability exists in Debian Linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Debian DSA-4706-1 : drupal7 - security update
It was discovered that Drupal, a fully-featured content management framework, was susceptible to cross-site request forgery. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2020-004 © Tenable Network Security, Inc. The descriptive text and packa...
Debian DSA-4653-1 : firefox-esr - security update
Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4653. The text itself is copyrigh...
Default configuration
In Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...
Debian DSA-4646-1 : icu - security update
Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Node.js third-party modules: [sapper] Path Traversal
I would like to report a critical path traversal vulnerability in the sapper module. It allows an attacker to simply obtain arbitrary files from the remote server, exploiting a simple path traversal using URL-encoded "../". Module module name: sapper version: 0.27.10 npm page:...
Debian DSA-4617-1 : qtbase-opensource-src - security update
Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian DSA-4612-1 : prosody-modules - security update
It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...
Debian DSA-4610-1 : webkit2gtk - security update
The following vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2019-8835 An anonymous researcher discovered that maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8844 William Bowling discovered that maliciously crafted web content may lead ...
Debian DSA-4591-1 : cyrus-sasl2 - security update
Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the...
Debian DSA-4590-1 : cyrus-imapd - security update
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
Debian DSA-4539-1 : openssl - security update
Three security issues were discovered in OpenSSL: a timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey, and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in th...
Debian DSA-4517-1 : exim4 - security update
'Zerons' and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian DSA-4511-1 : nghttp2 - security update (Data Dribble) (Resource Loop)
Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4511. The text itself is copyright ©...