Debian LTS Essential and Critical Security Patch Updates - Page 143
Find the information you need for your favorite open source distribution.
steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share can take advantage of this flaw by uploading a shared library and then causing the server to load and execute it.
Secunia Research has discovered multiple vulnerabilities in GnuTLS libtasn1, which can be exploited by malicious people to compromise a vulnerable system.
It was discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack.
A vulnerability was found in Dropbear, a lightweight SSH2 server and client. CVE-2017-9079
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application
The NSS library is vulnerable to two security issues: CVE-2017-5461
Several issues were discovered in mysql-connector-java that allow attackers to execute arbitrary code, or to gain insert or delete access to some of MySQL Connectors' accessible data as well as unauthorized read access to a subset of the data.
Denial of Service due to Exhaustion of Packet-ID counter: An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT() and
It was discovered that there was a directory traversal attack vulnerability in the web user interface of the deluge BitTorrent client. For Debian 7 "Wheezy", this issue has been fixed in deluge version
CVE-2017-7885 Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.
It was discovered that there was an issue in sane-backends, an API library for scanners. It allowed remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware based on Quick Emulator (Qemu). The Common Vulnerabilities and Exposures project identifies the following problems:
The security update announced as DLA-924-1 introduced a regression in Tomcat's APR protocol due to the fix for CVE-2017-5647 and prevented a successful sendfile request.
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs, may result in denial of service via memory exhaustion (depending on memory management settings).
It was discovered that there was a local denial of service vulnerability in lxterminal, the terminal emulator for the LXDE desktop environment. This was caused by an insecure use of temporary files for a socket file.
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
Roundcube Webmail allows arbitrary password resets by authenticated users. The issue is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.