A vulnerability has been found in supervisor, a system for controlling process state, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord.
Multiple security vulnerabilities, NULL pointer dereferences, use-after-free and heap based overflows, were discovered in graphicsmagick that can lead to denial of service by consuming all available memory or segmentation faults.
lucene-solr handler supports an HTTP API (/replication?command=filecontent&file=) which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user specified file_name parameter. This can
The racoon daemon in IPsec-Tools 0.8.2 and earlier contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly
The fix for CVE-2016-8743 introduced a regression which would segfault apache workers under certain conditions (#858373), an issue similar to previously fixed CVE-2015-0253.
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible
CVE-2017-9122 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU
CVE-2017-10686 In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken()
The security update announced as DLA-613-1 caused a regression. A missing null parameter set the $task variable in the rcmail_url() function to a boolean value which led to service not available errors when viewing attached images. Updated packages are now available to
A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
CVE-2017-10790 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node
A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflow can cause an open unsecured server to crash.
Several vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems:
Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.
It was discovered that there was a remote denial-of-service (DoS) vulnerability in memcached, a high-performance memory object caching system. The try_read_command function allowed remote attackers to cause a DoS via a
Since the release of the last Debian stable release ("stretch"), Debian LTS ("wheezy") has been renamed "oldoldstable", which broke the unattended-upgrades package as described in bug #867169. Updates would simply not be performed anymore.
from the Google Security Team discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
