Debian DSA-4079-1 : poppler - security update

Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

VMware Workstation ALSA Config File Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workstation ALSA Config File Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in VMware Workstation Pr...

The vulnerability in the software for converting images on the Debian GNU/Linux operating system arises from overflowing buffers in dynamic memory, allowing an attacker to cause the application to terminate abnormally.

The vulnerability of the software for converting image formats in the Debian GNU/Linux operating system is caused by an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a malicious actor to cause the application to terminate abnormally by using a specially crafted cu...

Debian DSA-4067-1 : openafs - security update

It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Debian DSA-4068-1 : rsync - security update

Several vulnerabilities were discovered in rsync, a fast, versatile, remote and local file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

Debian DSA-4039-1 : opensaml2 - security update

Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. See...

PT-2018-5762 · Netapp +7 · Netapp Oncommand Shift +26

Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.8.11 and 2.9.4 debian linux affected versions not specified fasterxml jackson-databind affected versions not specified netapp oncommand balance affected versions not specified netapp oncommand performance...

Debian DSA-4021-1 : otrs2 - security update

It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system is related to improper handling of integer variables. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

Debian DSA-4012-1 : libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11 .11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

Debian DSA-4011-1 : quagga - security update

It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment ASPATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DSA-4004-1 : jackson-databind - security update

Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. %NASLMINLEVEL 70300 C Tenable...

Debian DSA-3931-1 : ruby-rack-cors - security update

Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3931. The...

Debian DSA-3970-1 : emacs24 - security update

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Debian DSA-3965-1 : file - security update

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Debian DSA-3941-1 : iortcw - security update

A read buffer overflow was discovered in the idtech3 Quake III Arena family of game engines. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted packet. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DSA-3938-1 : libgd2 - security update

Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...

Debian DSA-3935-1 : postgresql-9.4 - security update

Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7546 In some authentication methods empty passwords were accepted. - CVE-2017-7547 User mappings could leak data to unprivileged users. - CVE-2017-7548 The loput function ignored ACLs. For more in-depth...

Debian DSA-3928-1 : firefox-esr - security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of...

Debian DSA-3925-1 : qemu - security update

Multiple vulnerabilities were found in qemu, a fast processor emulator : - CVE-2017-9524 Denial of service in qemu-nbd server - CVE-2017-10806 Buffer overflow in USB redirector - CVE-2017-11334 Out-of-band memory access in DMA operations - CVE-2017-11434 Out-of-band memory access in SLIRP/DHCP...