Debian LTS Essential and Critical Security Patch Updates - Page 125
Find the information you need for your favorite open source distribution.
Some security vulnerabilities were found in Mercurial which allow authenticated users to trigger arbitrary code execution and unauthorized data access in certain server configurations. Malformed patches and repositories can also lead to crashes and arbitrary code
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
Two vulnerabilities affecting the CUPS printing server were found which can lead to arbitrary IPP command execution and denial of service.
Several issues were discovered in TIFF, the Tag Image File Format library, that allowed remote attackers to cause a denial-of-service or other unspecified impact via a crafted image file.
The security update of Tomcat 7 announced as DLA-1400-1 introduced a regression for applications that make use of the Equinox OSGi framework. The MANIFEST file of tomcat-jdbc.jar in libtomcat7-java contains an invalid version number which was automatically derived
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
CVE-2017-7651: fix to avoid extraordinary memory consumption caused by a crafted CONNECT packet from an unauthenticated client
CVE-2017-12872 / CVE-2017-12868: The (1) Htpasswd authentication source in the authcrypt module and (2)
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35. Please see the MariaDB 10.0 Release Notes for further details:
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8 "Jessie", these problems have been fixed in version
CVE-2018-12564: Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver
CVE-2016-4861: Allows remote attackers to conduct SQL injection attacks by leveraging a failure to remove comments from an SQL statement
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and
Various security issues were discovered in GraphicsMagick, a collection of image processing tools. Heap-based buffer overflows or over-reads may lead to a denial of service, disclosure of in-memory information, or other unspecified impact when processing a malformed image file.
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible.
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584
Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash) or out of bounds memory access via
It was discovered that there were a number of vulnerabilities in redis, a persistent key-value database: * CVE-2018-11218, CVE-2018-11219: Multiple heap
It was discovered that there were two remote code execution vulnerabilities in php-horde-image, the image processing library for the Horde groupware tool: