335 matches found

UbuntuCve
added 2018/03/13 12:0 a.m., 32 views

CVE-2018-1050

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash...

CVSS 4.3, AI score 7, EPSS 0.19654
Exploits: 0, References: 4
OpenVAS
added 2017/11/06 12:0 a.m., 23 views

Debian: Security Advisory (DSA-4021-1)

The remote host is missing an update for the Debian...

CVSS 8.8, AI score 8.8, EPSS 0.00725
Exploits: 0, References: 3
OSV
added 2017/09/21 5:29 p.m., 16 views

CVE-2017-14650

A Remote Code Execution vulnerability has been found in the HordeImage library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applicatio...

CVSS 8.1, AI score 7.9
Exploits: 0, References: 4
Debian CVE
added 2017/09/21 5:0 p.m., 20 views

CVE-2017-14650

A Remote Code Execution vulnerability has been found in the HordeImage library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applicatio...

CVSS 8.1, AI score 8.5, EPSS 0.02803
Exploits: 1
FreeBSD
added 2016/09/23 12:0 a.m., 14 views

ImageMagick -- multiple vulnerabilities

Debian reports: Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed...

AI score 2.4
Exploits: 0, References: 1
CNVD
added 2016/08/30 12:0 a.m., 2 views

TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...

AI score 6.6
Exploits: 0, References: 1
OSV
added 2016/06/07 12:0 a.m., 11 views

DSA-3598-1 vlc - security update

Bulletin has no description...

CVSS 9.8, AI score 9.5, EPSS 0.20819
Exploits: 1
Debian
added 2014/08/22 5:44 p.m., 32 views

[DLA 40-1] cacti security update

Package : cacti Version : 0.8.7g-1+squeeze5 CVE ID : CVE-2014-5025 CVE-2014-5026 CVE-2014-5261 CVE-2014-5262 Debian Bug : 755032 Multiple security issues cross-site scripting, missing input sanitizing and SQL injection have been discovered in Cacti, a web interface for graphing of monitoring...

CVSS 7.5, AI score 9.2, EPSS 0.01337
Exploits: 3
OpenVAS
added 2014/08/20 12:0 a.m., 34 views

Debian Security Advisory DSA 3007-1 (cacti - security update)

Multiple security issues cross-site scripting, missing input sanitising and SQL injection have been discovered in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb3007.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated from advisory DSA 3007-1 usin...

CVSS 7.5, AI score 9.2, EPSS 0.01337
Exploits: 3, References: 1
Debian
added 2014/07/15 7:36 a.m., 33 views

cacti security update

Package : cacti Version : 0.8.7g-1+squeeze4 CVE ID : CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002 Debian Bug : 742768 743565 752573 Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been...

CVSS 7.5, AI score 2.8, EPSS 0.01868
Exploits: 4
Debian
added 2014/07/15 7:22 a.m., 30 views

cacti security update

Package : cacti Version : 0.8.7g-1+squeeze4 CVE ID : CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002 Debian Bug : 742768 743565 752573 Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been...

CVSS 7.5, AI score 2.8, EPSS 0.01868
Exploits: 4
Tenable Nessus
added 2013/11/05 12:0 a.m., 20 views

Debian DSA-2791-1 : tryton-client - missing input sanitization

Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...

CVSS 7.8, AI score 5.3, EPSS 0.00754
Exploits: 1, References: 4
securityvulns
added 2013/11/05 12:0 a.m., 89 views

[SECURITY] [DSA 2791-1] tryton-client security update

Debian Security Advisory DSA-2791-1 [email protected] http://www.debian.org/security/ Florian Weimer November 04, 2013 http://www.debian.org/security/faq...

AI score 1.5
Exploits: 0
OpenVAS
added 2013/09/18 12:0 a.m., 35 views

Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)

Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb24622.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory D...

CVSS 9.3, AI score 0.7, EPSS 0.07033
Exploits: 1, References: 1
OpenVAS
added 2013/09/18 12:0 a.m., 30 views

Debian Security Advisory DSA 2593-1 (moin - several vulnerabilities)

It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. This update also addresses path traversal in AttachFile. OpenVAS Vulnerability Test $Id: deb25931.nasl 6611...

CVSS 6.4, EPSS 0.73631
Exploits: 10, References: 1
Tenable Nessus
added 2013/05/28 12:0 a.m., 28 views

Debian DSA-2693-1 : libx11 - several vulnerabilities

Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...

CVSS 6.8, AI score 7.8, EPSS 0.00894
Exploits: 0, References: 6
OpenVAS
added 2013/05/23 12:0 a.m., 16 views

Debian Security Advisory DSA 2685-1 (libxp - several vulnerabilities)

Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to...

CVSS 6.8, AI score 1, EPSS 0.00546
Exploits: 0, References: 1
Debian
added 2013/01/06 6:4 p.m., 19 views

[SECURITY] [DSA 2601-1] gnupg, gnupg2 security update

Debian Security Advisory DSA-2601-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 06, 2013 http://www.debian.org/security/faq...

CVSS 5.8, AI score 5.5, EPSS 0.02306
Exploits: 1
OpenVAS
added 2013/01/06 12:0 a.m., 21 views

Debian Security Advisory DSA 2601-1 (gnupg, gnupg2 - missing input sanitation)

KB Sriram discovered that GnuPG, the GNU Privacy Guard did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption. The problem affects both version 1, in the gnupg package, and version two, in the gnupg2 package. OpenVAS Vulnerability Test $Id:...

CVSS 5.8, AI score 7.5, EPSS 0.02306
Exploits: 1, References: 1
Tenable Nessus
added 2012/04/13 12:0 a.m., 30 views

Debian DSA-2449-1 : sqlalchemy - missing input sanitization

It was discovered that SQLAlchemy, a SQL toolkit and object relational mapper for Python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using...

CVSS 7.5, AI score 5.6, EPSS 0.02245
Exploits: 2, References: 3