Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.
179c450f5486128e09d227d463e27144c9b0b365175069306e8100d7c94d5fe9Red Hat Security Advisory 2020-1660-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.
90b971c2267a5bcdacfc52a703cfa0c3dcb690bd2faf9c70437153516329c083Debian Linux Security Advisory 4649-1 - Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution.
80baf89b62669c231d6573be3cd65d0c449865262825b3da687c69972b88fa1fDebian Linux Security Advisory 4650-1 - Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion.
81ce00615031776c64f048ce089f6f75f331fe3f4abddb5f9e3c4aa3270399acDebian Linux Security Advisory 4651-1 - It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped.
d17755778ec0652c3137136a772240f280b29611279e7312bc723cfb1be767d5Debian Linux Security Advisory 4652-1 - A flaw was reported in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol.
bd5dd42b9957180f46e511abd5eb5521011266cfa67e4ddbac33c829c40d72b7Debian Linux Security Advisory 4653-1 - Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
9206823583d1efd121a952d4237f63cb25f26a30e32c7ba4c33f0e1b15427997Debian Linux Security Advisory 4654-1 - Several vulnerabilities have been discovered in the chromium web browser.
eb37ce287f2987a01a6ab211c3ae32971d113611b85e1c4a961fbfec12020b71Debian Linux Security Advisory 4655-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
efe2c24c0e1fe45c57948cc07d04003c364ff99ec8d0e12cfb5c370d063a5de1Debian Linux Security Advisory 4656-1 - Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.
2d2c1cb1156457c6f32aebf2e73219a19c5c4e60c084f6e7ed144d3f9d0fd566Debian Linux Security Advisory 4657-1 - Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host.
ce8ec173f3d76b1ac080eefe167ec67f57b23d1913659b9bb470439c7a7194d0Debian Linux Security Advisory 4658-1 - Cim Stordal discovered that maliciously crafted web content may lead to arbitrary code execution or a denial of service.
11c7119ecd521d09b2561d0bf6441997fdb04a2e605a3157e7f6c90778284a06Debian Linux Security Advisory 4659-1 - Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted.
7e41c7d75ba37564259d8c8c2e4ce63562940212e515560618f5a128975ae46eDebian Linux Security Advisory 4660-1 - Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, malicious user to impersonate other sessions or users.
d14095013bc4345b9d53182ad3fe2328475b68b9b0270a2ca6e8ae46acc9948dDebian Linux Security Advisory 4661-1 - Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.
3faefeb667e7fe966d939c7bff2fe1049e3f01f3da2e48e7811f880c8bef3e32Debian Linux Security Advisory 4662-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
e1f4be2aab0e8cbf6c972605185c19400a1df32a9e1dd2bdce635595d751b2dfDebian Linux Security Advisory 4663-1 - It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this flaw to execute arbitrary code if a specially crafted document is processed.
c6ee0e5b39fde54b3f6d5a876a4515a91eefc353b0be02570660e8d8851e3824Debian Linux Security Advisory 4664-1 - Hanno Boeck discovered that it was possible to create a cross site scripting attack on the webarchives of the Mailman mailing list manager, by sending a special type of attachement.
09c0d89623aeba3e355963e4fb44ac1c91f262fe630252861bbd87472c6980d2Debian Linux Security Advisory 4665-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.
81315edbca95ad15b3796581291dff9ece1d005c96f9de1a1801e5a62f53b2d7Debian Linux Security Advisory 4666-1 - A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash).
5a8084ec79d28e638a475d5f2ac624f139f316084273697004a5acd8d0b4aa31Debian Linux Security Advisory 4667-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
16323d64ec34cdde8160250d74f386fe52de579ba9ed063c3eb7063b6b8aa960Debian Linux Security Advisory 4668-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
c6a36cf635a8c59ea54c2d511bf37c7a3a38ba79b7e03abbca04320af75a7fbeDebian Linux Security Advisory 4669-1 - Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling.
6f962b4fe577287f2ccb2224302c35d90acb45019bf2b11ea4da941e04961852Debian Linux Security Advisory 4670-1 - Several vulnerabilities have been found in the TIFF library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
c1a1ebb800f6eea3aa3c362bdcbbdcb9cabe3c24343edfae3ba875a383aaefabDebian Linux Security Advisory 4671-1 - Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.
ef9df0bd2be4dedf52d06e6a738551173e591d33d7bf4295bffdcb2548c9f31f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed