feed2list
feed2list will stop its service on 2019-01-01
Search and browse in Computer · Security
   search hits: 33
website Debian Security
Debian Security Advisories

Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was suspectible to replay attacks and calculated signatures incorrectly, ceph mon did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerability in libradosstriper could result in denial of service.


Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service.


Multiple security issues have been found in Thunderbird: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.


Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).


Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).


Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened.


Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.


Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:


Two vulnerabilities were discovered in cURL, an URL transfer library.


Several vulnerabilities have been discovered in the chromium web browser.


It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets (rendering all game server slots occupied).


Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitary file overwrite, which can result in privilege escalation.


Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.


Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code.


It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors.


Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.


Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution or an open redirect. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-006


Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication.


Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.


Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or information disclosure.