Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.
Comment
Archive for Debian
126 results.
Three vulnerabilities have been discovered in the Go programming language; “net/url” accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete. For the oldstable distribution (stretch), these problems have been fixed
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5805
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.
Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,
Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of
Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it’s embedded into a downloaded archive and it gets opened in
A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation. For additional information please refer to the upstream announcement at
Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure.
Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands.
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.
Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items
User “Arminius” discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
Two security issues have been discovered in LibreOffice: CVE-2019-9848
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.
Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator.
Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take
Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS.
Joran Dirk Greef discovered that overly long nonces used with ChaCha20-Poly1305 were incorrectly processed and could result in nonce reuse. This doesn’t affect OpenSSL-internal uses of ChaCha20-Poly1305 such as TLS.
A sandbox escape was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code if combined with additional vulnerabilities.