Debian Linux Security Advisory 4203-1 - Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
1a4526c34c11cb35227ed75e27ac929fDebian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.
bca5c9e18380423f0b3f484011c480fcDebian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
6a2925f0955d67772df80c9d7b10ff00Debian Linux Security Advisory 4200-1 - Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files.
5da48d16fafc9c8d14d4113a50ee4dbeDebian Linux Security Advisory 4199-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code or denial of service.
6991f4c67e40de4d8cc3b49fe2433ea8Debian Linux Security Advisory 4198-1 - Albert Dengg discovered that incorrect parsing of <stream:error> messages in the Prosody Jabber/XMPP server may result in denial of service.
5480fa9a38d525cae754d1efbc6920fdDebian Linux Security Advisory 4197-1 - Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed.
a5df4ca7d685afb578c58630365bd843Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
9b8a4b9bc03f27c6ba86c8131ab8bebeDebian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.
0a8ebefedcc50cb36f81573bebaba542Debian Linux Security Advisory 4194-1 - An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.
15fd9e9c94776bc9be631214afe3065fDebian Linux Security Advisory 4193-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects.
a95e50f33116d55efc9790078f6fcb0dDebian Linux Security Advisory 4192-1 - Several vulnerabilities were discovered in MAD, an MPEG audio decoder library, which could result in denial of service if a malformed audio file is processed.
dfb7724aca1fa2482c9115c7a7285741Debian Linux Security Advisory 4191-1 - Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.
bfe7dcef4c92a6e5e4a9b1178b6fe6f3Debian Linux Security Advisory 4190-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.
62eb15c6aa91a254de8ee36c4ce682e6Debian Linux Security Advisory 4189-1 - Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service.
4e10fa9930830155e8c0fd1d3a361f73Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
40218a570ce7c1511b3faa47a7e18487Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
8f53637cc7f7ef1bdf7110ecc11496aaDebian Linux Security Advisory 4186-1 - It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting.
fa0fbddffa00a407fa0bb9f6c837cd1eDebian Linux Security Advisory 4185-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.
5671a7d29a470a3d6ff207a9cb9ca89cDebian Linux Security Advisory 4184-1 - Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.
35d719a54f7c00bb7862d3ab1a60ef92Debian Linux Security Advisory 4183-1 - It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception (TROVE-2018-001).
189421bce99bbe222be894562dae7dfaDebian Linux Security Advisory 4181-1 - Andrea Basile discovered that the 'archive' plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.
459f02c0a478f815c8a302259ed429edDebian Linux Security Advisory 4182-1 - Several vulnerabilities have been discovered in the chromium web browser.
98a371c8c991350a922b861dabe3051dDebian Linux Security Advisory 4180-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
9b942c3459bfdadf2032b397cf8289f0Debian Linux Security Advisory 4179-1 - This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).
f6b58c5678eeaa3119a721e13de26997
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed