(Oct 17) Several vulnerabilities have been discovered in the X.Org X server. An attacker who’s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.
(Oct 16) Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
(Oct 11) Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss
(Oct 11) Several vulnerabilities were discovered in WordPress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks.
(Oct 10) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.
(Oct 10) Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure. For the oldstable distribution (jessie), these problems have been fixed
(Oct 8) Christian Boxd?rfer discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as a innocuous document file in Nautilus. An
(Oct 6) It was discovered that the Tor onion service could leak sensitive information to log files if the “SafeLogging” option is set to “0”. The oldstable distribution (jessie) is not affected.
(Oct 6) Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:
(Sep 21) Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: