Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
b7f2ce0f1e8a86c966bfba98bf404e0b81f1d24285a3ca41d94c909e96c042acDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
385647129b663bda8b7b80c7ab9d8755be58a12448ea8b942b67fbf58bdb5ab6Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
9753fc593c547aa3acf90a92efc61db7d1103658076025b830d712b7c645a1b8Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
f6816b624654c7e22f816bc23604063ee2015df2829ee2ecf33737fd6009f293Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
f0fdc31ab869bf51c7f25aa2d0563f1ffb0cba5df6bb5d7d99c9d1cba14fe05eDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
1885d99d6dbbcf1544713feb0901f8b29d07769bd3ff310279c79c7316273a52Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
47b3e5a4f805a01c0ddc8e3d59bfc974a87af121e15c62e6f5465c0d166e0582Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
5164e3653dc3a46a15217eeeec5541c95dbf2c97abfa33e6abb853abefef91b8Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
14834534a2495a956e7f7f3bb6ce30f069d8a8b095f931d6e4f7523bb6ee7df4Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.
07b281b93bc3e551c542129111e82e593bafba8ae7fa8f3fa45f1cd3c949e937Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.
d999adcd4a26533ad6b97e43e89785ffaeab03376921934028ff9754878be2cbDebian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
c179eaaaef7143e1cb2c6653751bd0e79267e988cd5eacd79bb4afe1a5830efeDebian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
182a250ef2e3e8f678cce9391e0c00303ca592e52445db910d67c6a8a5f5f866Debian Linux Security Advisory 4617-1 - Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution.
48ae7c02fb0fe0d7af43603f03d35e5d7e73c409c41241a434c285dbf2509084Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.
c86925d33e285cee87de038a4e6d41f8b66dba7c5d35bbf49853a20cf80e0b49Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
03a369105465ab891d0ad9ac2729ea84660e0bb558e98aa0f5f19ad82d5d3bfeDebian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.
2957f727438c3e2bd92e2e038adc6d4f2ddfaacd4b035ca5555aec139dae983fDebian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
e3db76e1233159bccb40c596b224ab1f03af6655b3d18061ad965e1cc5720856Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.
a42b1dac3ec9dc5d5b341effadecefe702c5cd5ae620d147983707167d5ac1feDebian Linux Security Advisory 4610-1 - Multiple code execution vulnerabilities have been addressed in the webkit2gtk web engine.
b72fff7e1e706fc40373f9789f0230cfdf746cfdb51cbfc6194e3a233f5e7081Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.
b13a8757f4f9e0b2f590ed0cdbe4d23e4718fa37e2ea6ca4ed4d48c3bfa33f2aDebian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.
183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7ddDebian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.
1a6497db176ef9c93ca93386cf14b443e5341a899bf60e73653e2502fddb4db2Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
4f4e3fff7bd0509ce1ac161fec38bfda002f9e838f665c2090308e3d7194c086Debian Linux Security Advisory 4606-1 - Several vulnerabilities have been discovered in the chromium web browser.
47a1ffe756710d40abf091af3228ad3cb6d71cef765a379e216217f87b6dd731
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed