6007 matches found
Updated wireshark packages fix security vulnerability
Version 3.0.7 fixes the following security vulnerability: CMS dissector crash CVE-2019-19553. This update also brings the Mageia package from version 3.0.4 to 3.0.7...
Updated tnef packages fix security vulnerability
Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...
Updated memcached packages fix security vulnerability
AUpdated memcached packages fix security vulnerability: In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru tempttl" commands. This causes a denial of service when parsing crafted lru command messages in processlrucommand in memcached.c CVE-2019-11596...
Updated libreswan packages fix security vulnerability
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...
Updated cronie packages fix security vulnerabilities
Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...
Updated python-django packages fix security vulnerability
If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ':f'.format CVE-2019-6975...
Updated pdns-recursor package fixes security vulnerabilities
An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua CVE-2019-3806. An issue has been found in PowerDNS Recursor where records in the...
Updated python-django16 package fixes security vulnerability
It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL CVE-2019-3498...
Updated apache-mod_perl packages fix security vulnerability
A flaw was found in modperl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...
Updated tcpflow packages fix security vulnerability
pdated tcpflow package fixes security vulnerability: An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the functio...
Updated okular packages fix security vulnerability
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive..." in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular...
Updated libpam4j package fixes security vulnerability
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pamacctmgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in CVE-2017-12197...
Updated transmission packages fix a security vulnerability
Updated transmission packages fix security vulnerability: Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious...
Updated puppet packages fix security vulnerability
It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code CVE-2017-10689...
Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...
Updated SDL_image packages fix security vulnerability
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...
Updated backintime packages fix security vulnerability
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
Updated fossil packages fix security vulnerability
Client-side code execution via crafted "ssh://" URLs CVE-2017-17459...
Updated openldap packages fix security vulnerability
A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query CVE-2017-9287. The openldap package ha...
Updated python-werkzeug packages fix security vulnerability
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message CVE-2016-10516...
Updated xrdp packages fix security vulnerability
The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...
Updated pjproject packages fix security vulnerabilities
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...
Updated weechat packages fix security vulnerability
It was discovered that logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized CVE-2017-14727...
Updated kauth and kdelibs4 packages fix security vulnerability
Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account CVE-2017-8422...
Updated libffi packages fix security vulnerability
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, such as t...
Updated rpcbind/libtirpc packages fix security vulnerability
It was discovered that rpcbind and libtirpc contain a vulnerability that allows an attacker to allocate any amount of bytes up to 4 gigabytes per attack on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service...
Updated irssi packages fix security vulnerabilities
It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service CVE-2017-9468. Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote...
Updated texlive packages fix security vulnerability
It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code called \write18. Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document...
Updated flash-player-plugin packages fix security vulnerability
flash-player-plugin update fixes the following issues: A type confusion vulnerability that could lead to code execution CVE-2017-2995. An integer overflow vulnerability that could lead to code execution CVE-2017-2987. Use-after-free vulnerabilities that could lead to code execution CVE-2017-2982,...
Updated ruby-archive-tar-minitar packages fix security vulnerability
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. dot dot in a TAR archive entry. CVE-2016-10173 Moreover the updated packages replace deprecated requiregem by gem to make minitar wo...
Updated irssi packages fix security vulnerabilities
In irssi before 0.8.21, a NULL pointer dereference in the nickcmp function CVE-2017-5193. In irssi before 0.8.21, use after free when receiving invalid nick message CVE-2017-5194. In irssi before 0.8.21, out of bounds read in certain incomplete control codes CVE-2017-5195. In irssi before 0.8.21,...
Updated bzip2 packages fix security vulnerability
A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. An attacker could use this flaw by sending a specially crafted bzip2 file to recover and force the program to crash CVE-2016-3189...
Updated php-adodb packages fix security vulnerabilities
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. CVE-2016-7405 Cross Site Scripting vulnerability in test script CVE-2016-4855...
Updated mailman package fixes security vulnerability
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
Updated autotrace packages fix security vulnerability
autotrace failed to allocate sufficient memory to store the terminating NULL pointer in an array, causing an out of bounds write. CVE-2016-7392...
Updated libupnp packages fix security vulnerability
libupnp's default behavior allows an unauthenticated user access to a server's filesystem through POST and GET requests CVE-2016-6255...
Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...
Updated libksba packages fix security vulnerabilities
Updated libksba packages fix security vulnerabilities: An out-of-bounds read access in ksbadntostr in libksba 1.3.3, due to an incomplete fix for CVE-2016-4356, could result in denial of service CVE-2016-4574. In liksba 1.3.3, the returned length of the object from ksbaberparsetl ti.length was no...
Updated quassel packages fix CVE-2016-4414
Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr,...
Updated cyrus-imapd packages fix security vulnerability
Cyrus-imapd versions 2.4.18 and earlier are vulnerable to potential integer and buffer overflows CVE-2015-8077, CVE-2015-8078...
Updated claws-mail packages fix security vulnerability
no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...
Updated cups-filters packages fix CVE-2015-8560
Updated cups-filters package fixes security vulnerability: Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands CVE-2015-8560...
Updated tigervnc packages fix security vulnerabilities
Updated tigervnc packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the clien...
Updated putty packages fix security vulnerability
Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator CVE-2015-5309...
Updated drupal package fixes security vulnerability
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
Updated phpmyadmin package fixes security vulnerability
Content spoofing vulnerability when redirecting user to an external site CVE-2015-7873...
Updated ganglia-web packages fix CVE-2015-6816
An issue with the use of unserialize in ganglia-web allows authentication to be bypassed CVE-2015-6816...
Updated libidn packages fix CVE-2015-2059
Updated libidn packages fix security vulnerability: In libidn before 1.31, stringpreputf8toucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads CVE-2015-2059...
Updated pdns & pdns-recursor packages fix CVE-2015-1868
Updated pdns and pdns-recursor packages fix security vulnerability: A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to...
Updated quassel packages fix CVE-2015-3427
Updated quassel packages fix security vulnerability: Quassel is vulnerable to SQL injection through its use of Qt's postgres driver. If the PostgreSQL server is restarted or the connection is lost at any point, other IRC users may be able to trick the Quassel core into executing SQL queries upon...