Debian Linux Security Advisory 4369-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
ab9b9c1cef656cea30c34fbb287babebDebian Linux Security Advisory 4368-1 - Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.
d0ebb6a44e5eb5ba095db014dad1e17cDebian Linux Security Advisory 4367-1 - The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled alloca()s (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could allow an attacker to cause a denial of service or the execution of arbitrary code.
52119bef744619b328f6429303d66914Debian Linux Security Advisory 4366-1 - An integer underflow was discovered in the CAF demuxer of the VLC media player.
f989ec5bb88316be6b84b61109281105Debian Linux Security Advisory 4365-1 - Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.
b7df79db42b0fc4f6ea9529905cda3e3Debian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.
1ac92e51a244345f0cc61b7ed70eaeceDebian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.
2b825f3bca76165c30b5aef53b5d1a60Debian Linux Security Advisory 4362-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
80dcf628f232bfe02e71774b9db016beDebian Linux Security Advisory 4361-1 - Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.
b43be8237a136841f4750d9c2097b56bDebian Linux Security Advisory 4360-1 - Multiple security issues were found in libarchive, a multi-format archive in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.
6a235854464e47acb4a9d64678bdfb75Debian Linux Security Advisory 4359-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.
d98736f909db3a6d8c9f16012f775c11Debian Linux Security Advisory 4358-1 - The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used on a whitelisted HTML element.
5871c1514b94b71b02b3d526961e0662Debian Linux Security Advisory 4346-2 - The update for ghostscript issued as DSA-4346-1 caused a regression when used with certain options (cf. Debian bug #915832). Updated packages are now available to correct this issue.
4ebe4377d75447466034ea74c03b0c16Debian Linux Security Advisory 4357-1 - Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes.
9e847d769318a725230a89eab33578d6Debian Linux Security Advisory 4356-1 - Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.
9de55ea3fc805ca7f3f0c1fd3e1fd942Debian Linux Security Advisory 4355-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
cb9dcaf98d42d86ba8f80a539e4c194eDebian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
069b08206411c967d5eeab694c9e2c5aDebian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.
d9b1a99e04d2c1e6335bb4aef129d5a1Debian Linux Security Advisory 4352-1 - Several vulnerabilities have been discovered in the chromium web browser.
4cdb441fbb96629a60581147817832f7Debian Linux Security Advisory 4351-1 - It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.
caddae86ea0cbb47f309c50d59d72537Debian Linux Security Advisory 4350-1 - It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.
f77c7575733e7e18b3953cef1e1c78a2Debian Linux Security Advisory 4349-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
6897f1ef190f40a3af0d27ad61263ffcDebian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
9f26279cb338cd2494304ede9e253c79Debian Linux Security Advisory 4347-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
55b5f8a7009fa232b7fe40ce3b498a47Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
f89266c182d9b77cb78d4b9d1bb90820
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed