Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.
99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88Debian Linux Security Advisory 5588-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
7af4170ad4031fd3d2a9ee78c01336ac9376c0590df4e88dd4e5550f0258ed24Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.
ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11aDebian Linux Security Advisory 5586-1 - Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite.
eb54a28b3d95ad19c4329f6295f24f93dcd4b5a934d6c9ce761901a356063b87Debian Linux Security Advisory 5585-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code.
6bdc57ba62dca405ff912bfb253ff159c0424aaec22f42f0393fca58b622688aDebian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.
c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802dDebian Linux Security Advisory 5583-1 - A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
5dfda49306d8cfe3611973e08f1100d7a0e73e95687e4f98225625e819254d99Debian Linux Security Advisory 5582-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.
b3f70726ef2fae015527060cb4b5e5d13980592e40aae2e78d1c509408fdb9b4Debian Linux Security Advisory 5581-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.
8e9ebae0bccbe4842bf36efe2bc7e6db305fad064c670f91a6bc7f76d2742daaDebian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.
c6891c045504fe548f17f5660e0f9ab7018990e4e84cbb0260fb3fbed6e142c6Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.
d3cff019742d9c0322612e8a359f402f4290070167509cc7d9ce8e4d328f85c0Debian Linux Security Advisory 5576-2 - The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available.
6ac1fd4d8be53ce269e1946d49995f722c9654920861467d8417cd36346e4880Debian Linux Security Advisory 5578-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle errors in the gdev_prn_open_printer_seekable() function, which could result in the execution of arbitrary commands if malformed document files are processed.
20aeaf38dff4509c5503e7d3ced1a1155f0e31b502d0583ba7cf15955095ed39Debian Linux Security Advisory 5577-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c5ff8727b2a35a81281356fbaac0341a385b77c155b5b3bcff91bf3678d631d9Debian Linux Security Advisory 5576-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
02e7defbebaae0b355ce0347a45f3a3e36a998c50aabf68a9166432de62acb8bDebian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
fb2b3e50ddbe9455517494418af65058e060ac8c36d2bcce67a49bffceb3b808Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.
213eb449b719ea3918fe5b9547405966d36fc8f530f2d761e55375d63d105631Debian Linux Security Advisory 5573-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
6fae7b2aaaff25471cd4aad15ab381b34cbc82ff82460c7b982e9cea7bdbab4bDebian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.
7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295Debian Linux Security Advisory 5570-1 - It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.
a361a8b094e0e37ca2ea5d4f587944cad91928be895d0bc0f7d06332bb7e2d37Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d5d2209b119ae9264996f7c9c9bb3d93c4f147ce270625707943898e702df953Debian Linux Security Advisory 5568-1 - It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service) might result in denial of service.
f98b1127ce5c74663b458fb7d53e20ef0a1319434f99078abbab9c106d3d5590Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
488383dfe99aada3210eb06ee816794f7320a1dcece9cbb4baefa6be343ce04bDebian Linux Security Advisory 5566-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
dc1354b24c85d0736abec5ec30d71ed0e434f0143fd6ad92b25792e7a5fe5154
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed