CVE-2019-13508
FreeTDS through 1.1.11 has a Buffer Overflow. Date published : 2019-10-31 https://usn.ubuntu.com/4173-1/ http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00067.html
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an...
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. Date published : 2019-10-30 https://ikiwiki.info/security/#index37h2 https://security-tracker.debian.org/tracker/CVE-2010-1673
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. Date published : 2019-10-30 https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314 https://trac.transmissionbt.com/ticket/1242
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. Date published : 2019-10-30...
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. Date published : 2019-10-30 https://www.debian.org/security/2010/dsa-2015 https://security-tracker.debian.org/tracker/CVE-2010-0747
The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the...
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. Date published : 2019-10-30 https://bugs.launchpad.net/ubuntu/+source/autokey/+bug/538471 https://security-tracker.debian.org/tracker/CVE-2010-0398
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. Date published : 2019-10-30 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207 https://security-tracker.debian.org/tracker/CVE-2010-0207
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. Date published : 2019-10-30 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0206 https://security-tracker.debian.org/tracker/CVE-2010-0206
Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. Date published :...
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages...
The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858. Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1. No ISC releases are affected. Other packages from other distributions who did similar...
** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with...