burn allows file names to escape via mishandled quotation marks Date published : 2019-10-31 https://security-tracker.debian.org/tracker/CVE-2009-5043
Monthly Archive: October 2019
python-docutils allows insecure usage of temporary files Date published : 2019-10-31 https://security-tracker.debian.org/tracker/CVE-2009-5042
overkill has a buffer overflow via long player names that can corrupt data on the server machine Date published : 2019-10-31 https://security-tracker.debian.org/tracker/CVE-2009-5041
IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services. Date published : 2019-10-31 http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/ http://security.gentoo.org/glsa/glsa-201406-32.xml
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. Date published : 2019-10-31 http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2548
Mumble: murmur-server has a DoS due to a malformed client query Date published : 2019-10-31 https://access.redhat.com/security/cve/cve-2010-2490 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2490
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. Date published : 2019-10-31 https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html
A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn’t used for security purposes (and is advertised...
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack." Date published : 2019-10-31 http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6123
Buffer overflow in the thread scheduler in Chicken before 18.104.22.168 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. Date published : 2019-10-31 https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html...
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 22.214.171.124 allow attackers to cause a denial of service (crash) by opening a file descriptor with a...
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. Date published : 2019-10-31 https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html http://www.openwall.com/lists/oss-security/2013/04/29/13
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. Date published : 2019-10-31 https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. Date published : 2019-10-31 https://phabricator.wikimedia.org/T48084 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104022.html