Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.
7acfa0ed5a7472704419b66813b778ef436398a2db8ae457ca89f746c7f72462
Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from a command injection vulnerability. Affected versions include Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1, and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2.
e91a4b5adacabddf553d673763a0de8bbd43bf53cd6e4cc7669866c7d8dd18d5
Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from an information exposure vulnerability. Affected versions include Dell EMC Avamar Server 7.2.0 and 7.2.1, Dell EMC Avamar Server 7.3.0 and 7.3.1, Dell EMC Avamar Server 7.4.0 and 7.4.1, and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0.
51c0fd129f391efd132a30f5c7d9b7c7eeff4304a86ef8eb192552466d3d5a3a
Dell EMC Avamar and IDPA suffer from remote code execution and open redirection vulnerabilities. Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 are affected.
15cbf37afa0b2a7fcb1c42bebfcbe6cd5096b494d352554298114052d555f07d
Dell EMC Avamar fails to restrict access to the Configuration section that lets administrators set up Installation Manager configurations or check for new packages from the Online Support site. An unauthenticated, remote attacker could add an Online Support Account for Dell EMC without any user interaction.
42f6942fd19142aaa2470d8266c6f9ada3b65f0227f43fd6c4a0fce736e249c1
The Dell EMC Avamar Installation Manager component, within Dell EMC Avamar Server and Integrated Data Protection Appliance, is affected by a missing access control vulnerability. Dell EMC Avamar Server versions 7.3.1, 7.4.1, 7.50 and Dell EMC Integrated Data Protection Appliance versions 2.0 and 2.1 are affected.
bc0a9071db43bf513962de4bda5906b92686e69bb48f1b92b6901540dcc7b01d
Debian Security Advisory 1090-1: A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands.
02af200793b7e244c4a6b4fe5d2841488b69e1beab1bc69d7f7aa68a87ab8331
Debian Security Advisory 1092-1: Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses strings escaped with mysql_real_escape(), which could lead to SQL injection. This problem exists only in versions 4.1 and 5.0.
9cd677d7cab0d5299bde3ef5872d558a13d09edfdb77e41de4b88733ee229e5c
Debian Security Advisory 1091-1: Several problems have been discovered in the TIFF library.
66343940af8c0223f2a8631a194f7e7297a14918d31e5d5732112e6f4543f34d
Debian Security Advisory 1089-1 - Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server.
f275f74c7d55aa83870e73d7e1a2a8b0db5f44850cc54a12670d4d150d119052
Debian Security Advisory 1088-1 - Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code.
af84903a19c48ced1c85cbe8572e645eb82c405f6aa29149734a8b10811800a4
Debian Security Advisory 1087-1 - Several encoding problems have been discovered in PostgreSQL, a popular SQL database.
1350d9f73394fa6a2735b526e2d97ced883b138230871a8578d22caefbd197b4
Debian Security Advisory 1086-1: xmcdconfig creates world-writable directories, allowing local users to fill the /usr and /var partitions and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.
6c651630037fb5a3d3e0c09a5a7566cd2e210e7396cd7553174d3d3cea923642
Debian Security Advisory 1085-1: Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser.
04757ea7b1bd42204648df0712cb6de2c2fe06c16478845a86ec741f644e3e74
Debian Security Advisory 1084-1: Niko Tyni discovered a buffer overflow in the processing of network data in typespeed, a game for testing and improving typing speed, which could lead to the execution of arbitrary code.
c16bc9b2d6af46f664de257b0b57614f79fbbd1b99641f38575320e937518bec
Debian Security Advisory 1083-1: Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in motor, an integrated development environment for C, C++ and Java, which may lead local attackers to execute arbitrary code.
ca1b601bf971c4b462dbeb8ce5a2ec40d806f7581ad8f6d67b43941a417ca3c4
Debian Security Advisory 1082-1: Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
b2c2ec10a7f438c348a95d77fa8aa09d897af538b1d2250b260bc7c2283a5dc5
Debian Security Advisory 1081-1: Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code.
b63bda0e6f0bee9216c35e85b9e84d03272ea93f7fbb2854ca9f397799c3dae1
Debian Security Advisory 1080-1: A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users.
27fad67d0b9f97104f55ecba2ad0a241d17c74ba358d35ed0ea75f0d15529bbe
Debian Security Advisory 1079-1: Several vulnerabilities have been discovered in MySQL, a popular SQL database.
860b41d7785394158809348ab62002f84f0aedf0636beda1c8d18b4138f0b854
Debian Security Advisory 1078-1: Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application.
7a6d99eb0359d15d77ab433b391e7a31d1e06e4db08cb5d53855ad718e3c79ff
Debian Security Advisory 1077-1: Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML. The same code is present in lynx-ssl.
4ccbb0226a47aa74d61576733444cb233439312abfd43ed8d0853fe7cff8b90b
Debian Security Advisory 1076-1: Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML.
219718ec04d7b2dab6f92879428c758f8092a0e2edd929ea53cc2cd6d00c7eb7
Debian Security Advisory 1075-1: Hendrik Weimer discovered that awstats can execute arbitrary commands under the user ID the web server runs as when users are allowed to supply arbitrary configuration files. Even though this bug was accidentally referenced in DSA 1058, it was not yet fixed.
88cf5acf3b8e1e9efe8730579c1c91d27616a1fe36699c1960664b09e81dcf93
Debian Security Advisory 1074-1: A. Alejandro Hern
c950d477246aaa1411c089a7a5b99ff8faefe7443b45e1fd76bf6da9d7dc9eb1