[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3651 Download | Alert*

This updates fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.

Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service.

It was discovered that ruby-mixlib-archive, a Chef Software"s library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing .. in its entries.

It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives . Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation. CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation. CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation. CVE-2017-9374 Denial of service via memory leak in USB EHCI emulation. CVE-2017-9375 Denial of service via ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases.

Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524 Denial of service in qemu-nbd server CVE-2017-10806 Buffer overflow in USB redirector CVE-2017-11334 Out-of-band memory access in DMA operations CVE-2017-11443 Out-of-band memory access in SLIRP/DHCP

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue. CVE-2017-5091 Ned Williamson discovered a use-after-free issue in IndexedDB. CVE-2017-5092 Yu Zhou di ...

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   365

© SecPod Technologies